CVSS: 9.4EPSS: 0%CPEs: 6EXPL: 0CVE-2022-0670 – ceph: user/tenant can obtain access (read/write) to any share
https://notcve.org/view.php?id=CVE-2022-0670
25 Jul 2022 — A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system. Fixed in RHCS 5.2 and Ceph 17.2.2. Se ha encontrado un fallo en Openstack manilla que posee un "share" del sistema de archivos Ceph, que permite al propietario leer/escribir cualquier manilla compart... • https://ceph.io/en/news/blog/2022/v17-2-2-quincy-released • CWE-863: Incorrect Authorization •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-27839 – ceph-dashboard: Don't use Browser's LocalStorage for storing JWT but Secure Cookies with proper HTTP Headers
https://notcve.org/view.php?id=CVE-2020-27839
26 May 2021 — A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and integrity. Se encontró un fallo en ceph-dashboard. El programa JSON Web Token (JWT) usado para la autenticación del usuario es almacenada en la aplicación frontend en el almacenamiento local del navegador, que es ... • https://bugzilla.redhat.com/show_bug.cgi?id=1901330 • CWE-522: Insufficiently Protected Credentials •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2020-25678 – ceph: mgr modules' passwords are in clear text in mgr logs
https://notcve.org/view.php?id=CVE-2020-25678
08 Jan 2021 — A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible. Se encontró un fallo en ceph en versiones anteriores a 16.yz, donde ceph almacena contraseñas del módulo mgr en texto sin cifrar. Esto puede ser encontrado al buscar en los registros mgr para grafana y dashboard, con contraseñas visibles A flaw was found in Ceph where Ceph stores mgr module passwords in ... • https://bugzilla.redhat.com/show_bug.cgi?id=1892109 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2020-27781 – ceph: User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila
https://notcve.org/view.php?id=CVE-2020-27781
18 Dec 2020 — User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack project can view the access key. This enables the attacker to target any resource that the user has access to. • https://bugzilla.redhat.com/show_bug.cgi?id=1900109 • CWE-522: Insufficiently Protected Credentials •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-25660 – ceph: CEPHX_V2 replay attack protection lost
https://notcve.org/view.php?id=CVE-2020-25660
23 Nov 2020 — A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the Ceph service via a packet sniffer and perform actions allowed by the Ceph service. This issue is a reintroduction of CVE-2018-1128, affecting the msgr2 protocol. The msgr 2 protocol is used for all communication exce... • https://bugzilla.redhat.com/show_bug.cgi?id=1890354 • CWE-294: Authentication Bypass by Capture-replay •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10736 – Ubuntu Security Notice USN-4706-1
https://notcve.org/view.php?id=CVE-2020-10736
22 Jun 2020 — An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks. Se encontró una vulnerabilidad de omisión de autorización en Ceph versiones 15.2.0 anteriores a 15.2.2, donde los demonios ceph-mon y ceph-mgr no restringen correctamente el acceso, resultan... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10736 • CWE-285: Improper Authorization •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2020-1699
https://notcve.org/view.php?id=CVE-2020-1699
21 Apr 2020 — A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. An unauthenticated attacker could use this flaw to cause information disclosure on the host machine running the Ceph dashboard. Se encontró un fallo de Salto de Ruta en el panel de control de Ceph implementado en las versiones anteriores a la versión v14.2.5, v14.2.6, v15.0.0 del almacenamiento de Ceph y se ha corregido en las vers... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1699 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •