rpm package
opensuse/ceph&distro=openSUSE Leap 15.4
pkg:rpm/opensuse/ceph&distro=openSUSE%20Leap%2015.4
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-3854 | — | < 16.2.11.58+g38d6afd3b78-150400.3.6.1 | 16.2.11.58+g38d6afd3b78-150400.3.6.1 | Mar 6, 2023 | A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service. | ||
| CVE-2022-3650 | — | < 16.2.11.58+g38d6afd3b78-150400.3.6.1 | 16.2.11.58+g38d6afd3b78-150400.3.6.1 | Jan 17, 2023 | A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information. | ||
| CVE-2021-3979 | — | < 16.2.9.536+g41a9f9a5573-150400.3.3.1 | 16.2.9.536+g41a9f9a5573-150400.3.3.1 | Aug 25, 2022 | A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks | ||
| CVE-2022-0670 | — | < 16.2.11.58+g38d6afd3b78-150400.3.6.1 | 16.2.11.58+g38d6afd3b78-150400.3.6.1 | Jul 25, 2022 | A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality |
- CVE-2022-3854Mar 6, 2023affected < 16.2.11.58+g38d6afd3b78-150400.3.6.1fixed 16.2.11.58+g38d6afd3b78-150400.3.6.1
A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service.
- CVE-2022-3650Jan 17, 2023affected < 16.2.11.58+g38d6afd3b78-150400.3.6.1fixed 16.2.11.58+g38d6afd3b78-150400.3.6.1
A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information.
- CVE-2021-3979Aug 25, 2022affected < 16.2.9.536+g41a9f9a5573-150400.3.3.1fixed 16.2.9.536+g41a9f9a5573-150400.3.3.1
A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks
- CVE-2022-0670Jul 25, 2022affected < 16.2.11.58+g38d6afd3b78-150400.3.6.1fixed 16.2.11.58+g38d6afd3b78-150400.3.6.1
A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality