| CVE-2020-27839 | AVG-1421 | Medium | Yes | Cross-site scripting | A security issue was found in ceph in versions prior to 15.2.9. The JWT token used by the ceph dashboard for authorising against the API was stored inside... |
| CVE-2020-27781 | AVG-1422 | Medium | Yes | Privilege escalation | User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An OpenStack... |
| CVE-2020-25678 | AVG-1421 | Medium | No | Information disclosure | A flaw was found in ceph in versions prior to 15.2.9 where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for... |
| CVE-2020-25660 | AVG-1195 | High | Yes | Authentication bypass | A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is... |
| CVE-2020-10753 | AVG-1195 | Medium | Yes | Content spoofing | A flaw was found in the Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader... |
| CVE-2020-10736 | AVG-1290 | Medium | Yes | Authentication bypass | An authorization bypass vulnerability was found in Ceph versions 15.2.0 and 15.2.1, where the ceph-mon and ceph-mgr daemons do not properly restrict access,... |
| CVE-2020-1760 | AVG-1195 | Medium | Yes | Cross-site scripting | A flaw was found in the Ceph Object Gateway, where it supports requests sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks... |
| CVE-2020-1759 | AVG-1195 | Medium | Yes | Private key recovery | A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat OpenShift Container Storage 4.2, where a nonce reuse vulnerability was discovered in the... |
| CVE-2019-10222 | AVG-1029 | Medium | Yes | Denial of service | Improper handling of an exception condition in Ceph allows any single unauthenticated client to crash the RGW component of Ceph by sending a specially crafted... |