rpm package
opensuse/ceph&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/ceph&distro=openSUSE%20Tumbleweed
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3979 | — | | | < 16.2.9.536+g41a9f9a5573-1.1 | 16.2.9.536+g41a9f9a5573-1.1 | Aug 25, 2022 | A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks |
| CVE-2020-27839 | — | | | < 16.2.6.463+g22e7612f9ad-1.1 | 16.2.6.463+g22e7612f9ad-1.1 | May 26, 2021 | A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confid |
| CVE-2020-25678 | — | | | < 16.2.6.463+g22e7612f9ad-1.1 | 16.2.6.463+g22e7612f9ad-1.1 | Jan 8, 2021 | A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible. |
| CVE-2020-27781 | — | | | < 16.2.6.463+g22e7612f9ad-1.1 | 16.2.6.463+g22e7612f9ad-1.1 | Dec 18, 2020 | User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved vi |
| CVE-2020-25660 | — | | | < 16.2.6.463+g22e7612f9ad-1.1 | 16.2.6.463+g22e7612f9ad-1.1 | Nov 23, 2020 | A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authen |