CVE-2020-25678 – ceph: mgr modules' passwords are in clear text in mgr logs
https://notcve.org/view.php?id=CVE-2020-25678
A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible. Se encontró un fallo en ceph en versiones anteriores a 16.yz, donde ceph almacena contraseñas del módulo mgr en texto sin cifrar. Esto puede ser encontrado al buscar en los registros mgr para grafana y dashboard, con contraseñas visibles A flaw was found in Ceph where Ceph stores mgr module passwords in clear text. This issue can be found by searching the mgr logs for Grafana and dashboard, with passwords visible. • https://bugzilla.redhat.com/show_bug.cgi?id=1892109 https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQTBKVXVYP7GPQNZ5VASOIJHMLK7727M https://security.gentoo.org/glsa/202105-39 https://tracker.ceph.com/issues/37503 https://access.redhat.com/security/cve/CVE-2020-25678 • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2020-27781 – ceph: User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila
https://notcve.org/view.php?id=CVE-2020-27781
User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack project can view the access key. This enables the attacker to target any resource that the user has access to. • https://bugzilla.redhat.com/show_bug.cgi?id=1900109 https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJ7FFROL25FYRL6FMI33VRKOD74LINRP https://security.gentoo.org/glsa/202105-39 https://access.redhat.com/security/cve/CVE-2020-27781 • CWE-522: Insufficiently Protected Credentials •
CVE-2020-25660 – ceph: CEPHX_V2 replay attack protection lost
https://notcve.org/view.php?id=CVE-2020-25660
A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the Ceph service via a packet sniffer and perform actions allowed by the Ceph service. This issue is a reintroduction of CVE-2018-1128, affecting the msgr2 protocol. The msgr 2 protocol is used for all communication except older clients that do not support the msgr2 protocol. The msgr1 protocol is not affected. • https://bugzilla.redhat.com/show_bug.cgi?id=1890354 https://ceph.io/community/v15-2-6-octopus-released https://ceph.io/releases/v14-2-14-nautilus-released https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBC4KZ44QUQENTYZPVHORGL4K2KV5V4F https://security.gentoo.org/glsa/202105-39 https://access.redhat.com/security/cve/CVE-2020-25660 • CWE-294: Authentication Bypass by Capture-replay •
CVE-2020-10753 – ceph: radosgw: HTTP header injection via CORS ExposeHeader tag
https://notcve.org/view.php?id=CVE-2020-10753
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue. Se encontró un fallo en el Red Hat Ceph Storage RadosGW (Ceph Object Gateway). • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00062.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10753 https://lists.debian.org/debian-lts-announce/2021/08/msg00013.html https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFU7LXEL2UZE565FJBTY7UGH2O7ZUBVS https://security.gentoo.org/glsa/202105-39 https://usn.ubuntu.com/4528-1 https://access.redhat.com/securi • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •
CVE-2020-10736
https://notcve.org/view.php?id=CVE-2020-10736
An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks. Se encontró una vulnerabilidad de omisión de autorización en Ceph versiones 15.2.0 anteriores a 15.2.2, donde los demonios ceph-mon y ceph-mgr no restringen correctamente el acceso, resultando en un acceso a recursos no autorizados. Este fallo permite a un cliente autenticado modificar la configuración y posiblemente realizar más ataques • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10736 https://ceph.io/releases/v15-2-2-octopus-released • CWE-285: Improper Authorization •