CVE-2021-3531 – ceph: RGW unauthenticated denial of service
https://notcve.org/view.php?id=CVE-2021-3531
A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability. Se encontró un fallo en Red Hat Ceph Storage RGW en versiones anteriores a 14.2.21. Cuando se procesa una petición GET para una URL rápida que termina con dos barras, puede hacer que rgw pueda bloquearse, resultando en una denegación de servicio. • http://www.openwall.com/lists/oss-security/2021/05/14/5 http://www.openwall.com/lists/oss-security/2021/05/17/7 https://bugzilla.redhat.com/show_bug.cgi?id=1955326 https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FX5ZHI5L7FOHXOSEV3TYBAL66DMLJ7V5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LPCJN2YDZCBMF4FOJXSTAADKFGEQEO7O https://lists.fedoraproject. • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVE-2021-3524 – gateway: radosgw: CRLF injection
https://notcve.org/view.php?id=CVE-2021-3524
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. In addition, the prior bug fix for CVE-2020-10753 did not account for the use of \r as a header separator, thus a new flaw has been created. Se encontró un fallo en Red Hat Ceph Storage RadosGW (Ceph Object Gateway) en versiones anteriores a la 14.2.21. • https://bugzilla.redhat.com/show_bug.cgi?id=1951674 https://lists.debian.org/debian-lts-announce/2021/08/msg00013.html https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FX5ZHI5L7FOHXOSEV3TYBAL66DMLJ7V5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LPCJN2YDZCBMF4FOJXSTAADKFGEQEO7O https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message • CWE-20: Improper Input Validation CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2021-20288 – ceph: Unauthorized global_id reuse in cephx
https://notcve.org/view.php?id=CVE-2021-20288
An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo de autenticación en ceph en versiones anteriores a 14.2.20. • https://bugzilla.redhat.com/show_bug.cgi?id=1938031 https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/362CEPPYF3YMJZBEJQUT3KDE2EHYYIYQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BPIAYTRCWAU4XWCDBK2THEFVXSC4XGK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVWUKUUS5BCIFWRV3JCUQMAPJ4HIWSED https://security.gentoo.org/glsa/202105-39 ht • CWE-287: Improper Authentication •
CVE-2020-25678 – ceph: mgr modules' passwords are in clear text in mgr logs
https://notcve.org/view.php?id=CVE-2020-25678
A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible. Se encontró un fallo en ceph en versiones anteriores a 16.yz, donde ceph almacena contraseñas del módulo mgr en texto sin cifrar. Esto puede ser encontrado al buscar en los registros mgr para grafana y dashboard, con contraseñas visibles A flaw was found in Ceph where Ceph stores mgr module passwords in clear text. This issue can be found by searching the mgr logs for Grafana and dashboard, with passwords visible. • https://bugzilla.redhat.com/show_bug.cgi?id=1892109 https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQTBKVXVYP7GPQNZ5VASOIJHMLK7727M https://security.gentoo.org/glsa/202105-39 https://tracker.ceph.com/issues/37503 https://access.redhat.com/security/cve/CVE-2020-25678 • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2020-27781 – ceph: User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila
https://notcve.org/view.php?id=CVE-2020-27781
User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack project can view the access key. This enables the attacker to target any resource that the user has access to. • https://bugzilla.redhat.com/show_bug.cgi?id=1900109 https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJ7FFROL25FYRL6FMI33VRKOD74LINRP https://security.gentoo.org/glsa/202105-39 https://access.redhat.com/security/cve/CVE-2020-27781 • CWE-522: Insufficiently Protected Credentials •