CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2020-1699
https://notcve.org/view.php?id=CVE-2020-1699
21 Apr 2020 — A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. An unauthenticated attacker could use this flaw to cause information disclosure on the host machine running the Ceph dashboard. Se encontró un fallo de Salto de Ruta en el panel de control de Ceph implementado en las versiones anteriores a la versión v14.2.5, v14.2.6, v15.0.0 del almacenamiento de Ceph y se ha corregido en las vers... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1699 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-1759 – Gentoo Linux Security Advisory 202105-39
https://notcve.org/view.php?id=CVE-2020-1759
13 Apr 2020 — A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks. Se detectó una vulnerabilidad en Red Hat Ceph Storage versión 4 y Red Hat... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1759 • CWE-323: Reusing a Nonce, Key Pair in Encryption CWE-330: Use of Insufficiently Random Values •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16889 – ceph: debug logging for v4 auth does not sanitize encryption keys
https://notcve.org/view.php?id=CVE-2018-16889
28 Jan 2019 — Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable. Ceph no sanea de manera correcta las claves de cifrado en registros de depuración para autenticaciones v4. Esto resulta en el filtrado de información sobre las claves de cifrado en los archivos de registro mediante texto plano. • http://www.securityfocus.com/bid/106528 • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-312: Cleartext Storage of Sensitive Information CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.7EPSS: 0%CPEs: 10EXPL: 0CVE-2018-14662 – ceph: authenticated user with read only permissions can steal dm-crypt / LUKS key
https://notcve.org/view.php?id=CVE-2018-14662
15 Jan 2019 — It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption. En Ceph en versiones anteriores a la 13.2.4, se ha detectado que los usuarios ceph autenticados con permisos de solo lectura podrían robar las claves de cifrado dm-crypt empleadas durante el cifrado de disco ceph. It was found that authenticated ceph user with read only permissions could steal dm-crypt encryption keys used in ceph disk encryptio... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html • CWE-285: Improper Authorization CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.5EPSS: 4%CPEs: 10EXPL: 0CVE-2018-16846 – ceph: ListBucket max-keys has no defined limit in the RGW codebase
https://notcve.org/view.php?id=CVE-2018-16846
15 Jan 2019 — It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices. Se ha detectado en Ceph, en versiones anteriores a la 13.2.4, que los usuarios ceph RGW autenticados pueden provocar una denegación de servicio (DoS) contra los índices OMAP de depósito de retención. A flaw was found in the way the ListBucket function max-keys has no defined limit in the RGW codebase. An authenticated ceph RGW user can cause a denial of service at... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.1EPSS: 0%CPEs: 32EXPL: 0CVE-2018-10861 – ceph: ceph-mon does not perform authorization on OSD pool ops
https://notcve.org/view.php?id=CVE-2018-10861
10 Jul 2018 — A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected. Se ha encontrado un error en la forma en la que ceph mon maneja las peticiones de usuario. Cualquier usuario de ceph autenticado que tenga acceso de lectura en ceph puede eliminar, crear pools de almacenamiento de ceph y corromper imágenes instantáneas.... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html • CWE-285: Improper Authorization CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 1%CPEs: 13EXPL: 0CVE-2018-1128 – ceph: cephx protocol is vulnerable to replay attack
https://notcve.org/view.php?id=CVE-2018-1128
10 Jul 2018 — It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable. Se ha descubierto que el protocolo de autenticación cephx no verificaba correctamente los clientes ceph y era vul... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html • CWE-287: Improper Authentication CWE-294: Authentication Bypass by Capture-replay •
CVSS: 6.5EPSS: 0%CPEs: 35EXPL: 0CVE-2018-1129 – ceph: cephx uses weak signatures
https://notcve.org/view.php?id=CVE-2018-1129
10 Jul 2018 — A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable. Se ha encontrado un error en la forma en la que el cálculo de firmas es gestionado por el protocolo de autenticación cephx. Un atacante que tenga acceso a la red de clústers ceph y que p... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html • CWE-284: Improper Access Control CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2018-7262 – ceph: Unauthenticated malformed HTTP requests handled by rgw_civetweb.cc:RGW::init_env() can lead to denial of service
https://notcve.org/view.php?id=CVE-2018-7262
19 Mar 2018 — In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service. En Ceph, en versiones anteriores a la 12.2.3 y versiones 13.x hasta la 13.0.1, la función RGWCivetWeb::init_env en rgw_civetweb.cc en radosgw no gestiona las cabeceras HTTP mal formadas adecuadamente, lo que permite una denegación de servicio (DoS). A NULL pointer dereference flaw was found in RADOS Gateway HTTP request h... • http://tracker.ceph.com/issues/23039 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-16818
https://notcve.org/view.php?id=CVE-2017-16818
20 Dec 2017 — RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h, and rgw/rgw_iam_types.h. RADOS Gateway en Ceph desde la versión 12.1.0 hasta la 12.2.1 permite que los usuarios autenticados remotos provoquen una denegación de servicio (fallo de aserción y salida de la ap... • https://bugzilla.redhat.com/show_bug.cgi?id=1515872 • CWE-617: Reachable Assertion •