CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-1759 – Gentoo Linux Security Advisory 202105-39
https://notcve.org/view.php?id=CVE-2020-1759
13 Apr 2020 — A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks. Se detectó una vulnerabilidad en Red Hat Ceph Storage versión 4 y Red Hat... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1759 • CWE-323: Reusing a Nonce, Key Pair in Encryption CWE-330: Use of Insufficiently Random Values •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16889 – ceph: debug logging for v4 auth does not sanitize encryption keys
https://notcve.org/view.php?id=CVE-2018-16889
28 Jan 2019 — Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable. Ceph no sanea de manera correcta las claves de cifrado en registros de depuración para autenticaciones v4. Esto resulta en el filtrado de información sobre las claves de cifrado en los archivos de registro mediante texto plano. • http://www.securityfocus.com/bid/106528 • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-312: Cleartext Storage of Sensitive Information CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.7EPSS: 0%CPEs: 10EXPL: 0CVE-2018-14662 – ceph: authenticated user with read only permissions can steal dm-crypt / LUKS key
https://notcve.org/view.php?id=CVE-2018-14662
15 Jan 2019 — It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption. En Ceph en versiones anteriores a la 13.2.4, se ha detectado que los usuarios ceph autenticados con permisos de solo lectura podrían robar las claves de cifrado dm-crypt empleadas durante el cifrado de disco ceph. It was found that authenticated ceph user with read only permissions could steal dm-crypt encryption keys used in ceph disk encryptio... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html • CWE-285: Improper Authorization CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.5EPSS: 4%CPEs: 10EXPL: 0CVE-2018-16846 – ceph: ListBucket max-keys has no defined limit in the RGW codebase
https://notcve.org/view.php?id=CVE-2018-16846
15 Jan 2019 — It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices. Se ha detectado en Ceph, en versiones anteriores a la 13.2.4, que los usuarios ceph RGW autenticados pueden provocar una denegación de servicio (DoS) contra los índices OMAP de depósito de retención. A flaw was found in the way the ListBucket function max-keys has no defined limit in the RGW codebase. An authenticated ceph RGW user can cause a denial of service at... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2018-7262 – ceph: Unauthenticated malformed HTTP requests handled by rgw_civetweb.cc:RGW::init_env() can lead to denial of service
https://notcve.org/view.php?id=CVE-2018-7262
19 Mar 2018 — In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service. En Ceph, en versiones anteriores a la 12.2.3 y versiones 13.x hasta la 13.0.1, la función RGWCivetWeb::init_env en rgw_civetweb.cc en radosgw no gestiona las cabeceras HTTP mal formadas adecuadamente, lo que permite una denegación de servicio (DoS). A NULL pointer dereference flaw was found in RADOS Gateway HTTP request h... • http://tracker.ceph.com/issues/23039 • CWE-476: NULL Pointer Dereference •
CVSS: 6.8EPSS: 3%CPEs: 4EXPL: 0CVE-2016-8626 – Ceph: RGW Denial of Service by sending null or specially crafted POST object requests
https://notcve.org/view.php?id=CVE-2016-8626
23 Nov 2016 — A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests. Se ha descubierto un problema en versiones anteriores a la 0.94.9-8 de Red Hat Ceph. La forma en la que Ceph Object Gateway gestiona las peticiones de objeto POST permite que un atacante autenticado lance un ataque de denegación de servicio (DoS) enviando peticiones de objet... • http://rhn.redhat.com/errata/RHSA-2016-2815.html • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2016-7031 – ceph: RGW permits bucket listing when authenticated_users=read
https://notcve.org/view.php?id=CVE-2016-7031
29 Sep 2016 — The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL. El código RGW en Ceph en versiones anteriores a 10.0.1, cuando la lectura autenticada ACL es aplicada a un compartimento, permite a atacantes remotos listar el contenido del compartimento a través de una URL. A flaw was found in Ceph RGW code which allows an anonymous user to list contents of RGW bucket by bypassing ACL which should only allow authenticated u... • http://docs.ceph.com/docs/master/release-notes/#v10-0-1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-254: 7PK - Security Features •
CVSS: 6.5EPSS: 1%CPEs: 7EXPL: 0CVE-2016-5009 – crash: mon_command crashes ceph monitors on receiving empty prefix
https://notcve.org/view.php?id=CVE-2016-5009
05 Jul 2016 — The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix. La función handle_command en mon/Monitor.cc en Ceph permite a usuarios remotos autenticados provocar un denegación de servicio (fallo de segmentación y caída del monitor ceph) a través de un prefijo (1) vacío o (2) manipulado. A flaw was found in the way handle_command() function would validate prefix value fr... • http://lists.opensuse.org/opensuse-updates/2016-12/msg00126.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5245 – Ceph: RGW returns requested bucket name raw in Bucket response header
https://notcve.org/view.php?id=CVE-2015-5245
23 Nov 2015 — CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name. Vulnerabilidad de inyección CRLF en la Ceph Object Gateway (también conocida como radosgw o RGW) en Ceph en versiones anteriores a 0.94.4 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques de separación de respuesta HTTP a través de un nombre de co... • http://lists.ceph.com/pipermail/ceph-announce-ceph.com/2015-October/000034.html • CWE-20: Improper Input Validation •