rpm package
suse/ceph&distro=SUSE Enterprise Storage 6
pkg:rpm/suse/ceph&distro=SUSE%20Enterprise%20Storage%206
Vulnerabilities (16)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3509 | — | | | < 14.2.21.403+g69ab6ea274d-3.63.1 | 14.2.21.403+g69ab6ea274d-3.63.1 | May 26, 2021 | A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it ava |
| CVE-2020-27839 | — | | | < 14.2.20.402+g6aa76c6815-3.60.1 | 14.2.20.402+g6aa76c6815-3.60.1 | May 26, 2021 | A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confid |
| CVE-2021-3531 | — | | | < 14.2.21.403+g69ab6ea274d-3.63.1 | 14.2.21.403+g69ab6ea274d-3.63.1 | May 18, 2021 | A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability. |
| CVE-2021-3524 | — | | | < 14.2.21.403+g69ab6ea274d-3.63.1 | 14.2.21.403+g69ab6ea274d-3.63.1 | May 17, 2021 | A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates |
| CVE-2021-20288 | — | | | < 14.2.20.402+g6aa76c6815-3.60.1 | 14.2.20.402+g6aa76c6815-3.60.1 | Apr 15, 2021 | An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_i |
| CVE-2020-25678 | — | | | < 14.2.20.402+g6aa76c6815-3.60.1 | 14.2.20.402+g6aa76c6815-3.60.1 | Jan 8, 2021 | A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible. |
| CVE-2020-27781 | — | | | < 14.2.16.402+g7d47dbaf4d-3.57.1 | 14.2.16.402+g7d47dbaf4d-3.57.1 | Dec 18, 2020 | User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved vi |
| CVE-2020-25660 | — | | | < 14.2.13.450+g65ea1b614d-3.52.1 | 14.2.13.450+g65ea1b614d-3.52.1 | Nov 23, 2020 | A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authen |
| CVE-2020-10753 | — | | | < 14.2.9.970+ged84cae0c9-3.41.1 | 14.2.9.970+ged84cae0c9-3.41.1 | Jun 26, 2020 | A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the |
| CVE-2020-1760 | — | | | < 14.2.5.389+gb0f23ac248-3.35.2 | 14.2.5.389+gb0f23ac248-3.35.2 | Apr 23, 2020 | A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input. |
| CVE-2020-1699 | — | | | < 14.2.5.382+g8881d33957-3.30.1 | 14.2.5.382+g8881d33957-3.30.1 | Apr 21, 2020 | A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. An unauthenticated attacker could use this flaw to cause information disclosure on the host machine r |
| CVE-2020-1759 | — | | | < 14.2.5.389+gb0f23ac248-3.35.2 | 14.2.5.389+gb0f23ac248-3.35.2 | Apr 13, 2020 | A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by |
| CVE-2020-1700 | — | | | < 14.2.5.382+g8881d33957-3.30.1 | 14.2.5.382+g8881d33957-3.30.1 | Feb 7, 2020 | A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of servi |
| CVE-2019-10222 | — | | | < 14.2.2.349+g6716a1e448-3.9.1 | 14.2.2.349+g6716a1e448-3.9.1 | Nov 8, 2019 | A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clie |
| CVE-2019-3821 | — | | | < 14.2.1.468+g994fd9e0cc-3.3.2 | 14.2.1.468+g994fd9e0cc-3.3.2 | Mar 27, 2019 | A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated attacker could create multiple connections to ceph RADOS gateway to exhaust file descriptors for ceph-radosgw service resulting in a remote denial of servi |
| CVE-2018-16889 | — | | | < 14.2.1.468+g994fd9e0cc-3.3.2 | 14.2.1.468+g994fd9e0cc-3.3.2 | Jan 28, 2019 | Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable. |