CVSS: 9.4EPSS: 0%CPEs: 6EXPL: 0CVE-2022-0670 – ceph: user/tenant can obtain access (read/write) to any share
https://notcve.org/view.php?id=CVE-2022-0670
25 Jul 2022 — A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system. Fixed in RHCS 5.2 and Ceph 17.2.2. Se ha encontrado un fallo en Openstack manilla que posee un "share" del sistema de archivos Ceph, que permite al propietario leer/escribir cualquier manilla compart... • https://ceph.io/en/news/blog/2022/v17-2-2-quincy-released • CWE-863: Incorrect Authorization •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2020-27839 – ceph-dashboard: Don't use Browser's LocalStorage for storing JWT but Secure Cookies with proper HTTP Headers
https://notcve.org/view.php?id=CVE-2020-27839
26 May 2021 — A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and integrity. Se encontró un fallo en ceph-dashboard. El programa JSON Web Token (JWT) usado para la autenticación del usuario es almacenada en la aplicación frontend en el almacenamiento local del navegador, que es ... • https://bugzilla.redhat.com/show_bug.cgi?id=1901330 • CWE-522: Insufficiently Protected Credentials •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2021-3531 – ceph: RGW unauthenticated denial of service
https://notcve.org/view.php?id=CVE-2021-3531
18 May 2021 — A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability. Se encontró un fallo en Red Hat Ceph Storage RGW en versiones anteriores a 14.2.21. Cuando se procesa una petición GET para una URL rápida que termina con dos barras, puede hacer que rgw pueda bloquearse, resultando en una denegación de s... • http://www.openwall.com/lists/oss-security/2021/05/14/5 • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-3524 – gateway: radosgw: CRLF injection
https://notcve.org/view.php?id=CVE-2021-3524
17 May 2021 — A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. In addition, the prior bug fix for CVE-2020-10753 did not account for the use of \r as a header separator, thus a new flaw has been created. Se encontró un fallo en ... • https://bugzilla.redhat.com/show_bug.cgi?id=1951674 • CWE-20: Improper Input Validation CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 8.0EPSS: 0%CPEs: 6EXPL: 0CVE-2021-20288 – ceph: Unauthorized global_id reuse in cephx
https://notcve.org/view.php?id=CVE-2021-20288
15 Apr 2021 — An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se enc... • https://bugzilla.redhat.com/show_bug.cgi?id=1938031 • CWE-287: Improper Authentication •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2020-25678 – ceph: mgr modules' passwords are in clear text in mgr logs
https://notcve.org/view.php?id=CVE-2020-25678
08 Jan 2021 — A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible. Se encontró un fallo en ceph en versiones anteriores a 16.yz, donde ceph almacena contraseñas del módulo mgr en texto sin cifrar. Esto puede ser encontrado al buscar en los registros mgr para grafana y dashboard, con contraseñas visibles A flaw was found in Ceph where Ceph stores mgr module passwords in ... • https://bugzilla.redhat.com/show_bug.cgi?id=1892109 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2020-27781 – ceph: User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila
https://notcve.org/view.php?id=CVE-2020-27781
18 Dec 2020 — User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack project can view the access key. This enables the attacker to target any resource that the user has access to. • https://bugzilla.redhat.com/show_bug.cgi?id=1900109 • CWE-522: Insufficiently Protected Credentials •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-25660 – ceph: CEPHX_V2 replay attack protection lost
https://notcve.org/view.php?id=CVE-2020-25660
23 Nov 2020 — A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the Ceph service via a packet sniffer and perform actions allowed by the Ceph service. This issue is a reintroduction of CVE-2018-1128, affecting the msgr2 protocol. The msgr 2 protocol is used for all communication exce... • https://bugzilla.redhat.com/show_bug.cgi?id=1890354 • CWE-294: Authentication Bypass by Capture-replay •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-10753 – ceph: radosgw: HTTP header injection via CORS ExposeHeader tag
https://notcve.org/view.php?id=CVE-2020-10753
26 Jun 2020 — A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue. Se encontró un fallo en el Red Hat Ceph Storage RadosGW (Ceph Object Gateway). • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00062.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10736 – Ubuntu Security Notice USN-4706-1
https://notcve.org/view.php?id=CVE-2020-10736
22 Jun 2020 — An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks. Se encontró una vulnerabilidad de omisión de autorización en Ceph versiones 15.2.0 anteriores a 15.2.2, donde los demonios ceph-mon y ceph-mgr no restringen correctamente el acceso, resultan... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10736 • CWE-285: Improper Authorization •