Ceph
by Ceph
Source repositories
CVEs (29)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-48916 | Hig | 0.53 | 8.1 | 0.00 | Jul 30, 2025 | Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send an JWT that has "none" as JWT alg. And by doing so the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As of time of… | ||
| CVE-2016-7031 | Hig | 0.49 | 7.5 | 0.02 | Oct 3, 2016 | The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL. | ||
| CVE-2017-16818 | Med | 0.42 | 6.5 | 0.02 | Dec 20, 2017 | RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to… | ||
| CVE-2016-5009 | Med | 0.42 | 6.5 | 0.02 | Jul 12, 2016 | The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix. | ||
| CVE-2017-12155 | Med | 0.41 | 6.3 | 0.00 | Dec 12, 2017 | A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker… | ||
| CVE-2025-52555 | Med | 0.35 | 6.5 | 0.00 | Jun 26, 2025 | Ceph is a distributed object, block, and file storage platform. In versions 17.2.7, 18.2.1 through 18.2.4, and 19.0.0 through 19.2.2, an unprivileged user can escalate to root privileges in a ceph-fuse mounted CephFS by chmod 777 a directory owned by root to gain access. The… | ||
| CVE-2025-40362 | 0.00 | — | 0.00 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: ceph: fix multifs mds auth caps issue The mds auth caps check should also validate the fsname along with the associated caps. Not doing so would result in applying the mds auth caps of one fs on to the other… | |||
| CVE-2024-47866 | 0.00 | — | 0.00 | Nov 12, 2025 | Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument `x-amz-copy-source` to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time… | |||
| CVE-2024-53685 | 0.00 | — | 0.00 | Jan 11, 2025 | In the Linux kernel, the following vulnerability has been resolved: ceph: give up on paths longer than PATH_MAX If the full path to be built by ceph_mdsc_build_path() happens to be longer than PATH_MAX, then this function will enter an endless (retry) loop, effectively… | |||
| CVE-2022-3854 | 0.00 | — | 0.01 | Mar 6, 2023 | A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service. | |||
| CVE-2022-3650 | 0.00 | — | 0.00 | Jan 17, 2023 | A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information. | |||
| CVE-2022-0670 | 0.00 | — | 0.01 | Jul 25, 2022 | A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise… | |||
| CVE-2021-20288 | 0.00 | — | 0.02 | Apr 15, 2021 | An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a… | |||
| CVE-2020-25678 | 0.00 | — | 0.00 | Jan 8, 2021 | A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible. | |||
| CVE-2020-27781 | 0.00 | — | 0.00 | Dec 18, 2020 | User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved… | |||
| CVE-2020-25660 | 0.00 | — | 0.01 | Nov 23, 2020 | A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to… | |||
| CVE-2020-10736 | 0.00 | — | 0.01 | Jun 22, 2020 | An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the… | |||
| CVE-2020-12059 | 0.00 | — | 0.03 | Apr 22, 2020 | An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception. | |||
| CVE-2020-1700 | 0.00 | — | 0.02 | Feb 7, 2020 | A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of… | |||
| CVE-2019-10222 | 0.00 | — | 0.05 | Nov 8, 2019 | A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW… |
- risk 0.53cvss 8.1epss 0.00
Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send an JWT that has "none" as JWT alg. And by doing so the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As of time of…
- risk 0.49cvss 7.5epss 0.02
The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL.
- risk 0.42cvss 6.5epss 0.02
RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to…
- risk 0.42cvss 6.5epss 0.02
The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix.
- risk 0.41cvss 6.3epss 0.00
A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker…
- risk 0.35cvss 6.5epss 0.00
Ceph is a distributed object, block, and file storage platform. In versions 17.2.7, 18.2.1 through 18.2.4, and 19.0.0 through 19.2.2, an unprivileged user can escalate to root privileges in a ceph-fuse mounted CephFS by chmod 777 a directory owned by root to gain access. The…
- CVE-2025-40362Dec 16, 2025risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: ceph: fix multifs mds auth caps issue The mds auth caps check should also validate the fsname along with the associated caps. Not doing so would result in applying the mds auth caps of one fs on to the other…
- CVE-2024-47866Nov 12, 2025risk 0.00cvss —epss 0.00
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument `x-amz-copy-source` to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time…
- CVE-2024-53685Jan 11, 2025risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: ceph: give up on paths longer than PATH_MAX If the full path to be built by ceph_mdsc_build_path() happens to be longer than PATH_MAX, then this function will enter an endless (retry) loop, effectively…
- CVE-2022-3854Mar 6, 2023risk 0.00cvss —epss 0.01
A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service.
- CVE-2022-3650Jan 17, 2023risk 0.00cvss —epss 0.00
A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information.
- CVE-2022-0670Jul 25, 2022risk 0.00cvss —epss 0.01
A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise…
- CVE-2021-20288Apr 15, 2021risk 0.00cvss —epss 0.02
An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a…
- CVE-2020-25678Jan 8, 2021risk 0.00cvss —epss 0.00
A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.
- CVE-2020-27781Dec 18, 2020risk 0.00cvss —epss 0.00
User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved…
- CVE-2020-25660Nov 23, 2020risk 0.00cvss —epss 0.01
A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to…
- CVE-2020-10736Jun 22, 2020risk 0.00cvss —epss 0.01
An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the…
- CVE-2020-12059Apr 22, 2020risk 0.00cvss —epss 0.03
An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception.
- CVE-2020-1700Feb 7, 2020risk 0.00cvss —epss 0.02
A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of…
- CVE-2019-10222Nov 8, 2019risk 0.00cvss —epss 0.05
A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW…
Page 1 of 2