rpm package
suse/ceph&distro=SUSE Linux Enterprise Module for Basesystem 15 SP3
pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3979 | — | | | < 16.2.9.536+g41a9f9a5573-150300.6.3.1 | 16.2.9.536+g41a9f9a5573-150300.6.3.1 | Aug 25, 2022 | A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks |
| CVE-2021-3509 | — | | | < 15.2.12.83+g528da226523-3.25.1 | 15.2.12.83+g528da226523-3.25.1 | May 26, 2021 | A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it ava |
| CVE-2021-3531 | — | | | < 15.2.12.83+g528da226523-3.25.1 | 15.2.12.83+g528da226523-3.25.1 | May 18, 2021 | A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability. |
| CVE-2021-3524 | — | | | < 15.2.12.83+g528da226523-3.25.1 | 15.2.12.83+g528da226523-3.25.1 | May 17, 2021 | A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates |
| CVE-2021-20288 | — | | | < 15.2.11.83+g8a15f484c2-3.20.1 | 15.2.11.83+g8a15f484c2-3.20.1 | Apr 15, 2021 | An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_i |