rpm package
suse/deepsea&distro=SUSE Enterprise Storage 6
pkg:rpm/suse/deepsea&distro=SUSE%20Enterprise%20Storage%206
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-27839 | — | | | < 0.9.35+git.0.5a1dc9fe-3.34.1 | 0.9.35+git.0.5a1dc9fe-3.34.1 | May 26, 2021 | A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confid |
| CVE-2021-20288 | — | | | < 0.9.35+git.0.5a1dc9fe-3.34.1 | 0.9.35+git.0.5a1dc9fe-3.34.1 | Apr 15, 2021 | An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_i |
| CVE-2020-25678 | — | | | < 0.9.35+git.0.5a1dc9fe-3.34.1 | 0.9.35+git.0.5a1dc9fe-3.34.1 | Jan 8, 2021 | A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible. |
| CVE-2020-10753 | — | | | < 0.9.33+git.0.ed16d26e-3.27.1 | 0.9.33+git.0.ed16d26e-3.27.1 | Jun 26, 2020 | A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the |