VYPR
Vendor

Ceph

Products
10
CVEs
41
Across products
44
Status
Private

Products

10

Recent CVEs

41
View all 41 CVEs →
  • CVE-2018-14649CriOct 9, 2018
    risk 0.58cvss 9.8epss 0.12

    It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api provided by ceph-isci-cli package. This allows unauthenticated attackers to access…

  • CVE-2024-48916HigJul 30, 2025
    risk 0.53cvss 8.1epss 0.00

    Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send an JWT that has "none" as JWT alg. And by doing so the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As of time of…

  • CVE-2016-7031HigOct 3, 2016
    risk 0.49cvss 7.5epss 0.02

    The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL.

  • CVE-2016-9579MedAug 1, 2018
    risk 0.43cvss 6.5epss 0.04

    A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP…

  • CVE-2017-16818MedDec 20, 2017
    risk 0.42cvss 6.5epss 0.02

    RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to…

  • CVE-2016-5009MedJul 12, 2016
    risk 0.42cvss 6.5epss 0.02

    The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix.

  • CVE-2017-12155MedDec 12, 2017
    risk 0.41cvss 6.3epss 0.00

    A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker…

  • CVE-2025-52555MedJun 26, 2025
    risk 0.35cvss 6.5epss 0.00

    Ceph is a distributed object, block, and file storage platform. In versions 17.2.7, 18.2.1 through 18.2.4, and 19.0.0 through 19.2.2, an unprivileged user can escalate to root privileges in a ceph-fuse mounted CephFS by chmod 777 a directory owned by root to gain access. The…

  • CVE-2025-40362Dec 16, 2025
    risk 0.00cvss epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ceph: fix multifs mds auth caps issue The mds auth caps check should also validate the fsname along with the associated caps. Not doing so would result in applying the mds auth caps of one fs on to the other…

  • CVE-2024-47866Nov 12, 2025
    risk 0.00cvss epss 0.00

    Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument `x-amz-copy-source` to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time…

  • CVE-2024-53685Jan 11, 2025
    risk 0.00cvss epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ceph: give up on paths longer than PATH_MAX If the full path to be built by ceph_mdsc_build_path() happens to be longer than PATH_MAX, then this function will enter an endless (retry) loop, effectively…

  • CVE-2022-3854Mar 6, 2023
    risk 0.00cvss epss 0.01

    A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service.

  • CVE-2022-3650Jan 17, 2023
    risk 0.00cvss epss 0.00

    A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information.

  • CVE-2022-0670Jul 25, 2022
    risk 0.00cvss epss 0.01

    A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise…

  • CVE-2020-1716May 28, 2021
    risk 0.00cvss epss 0.01

    A flaw was found in the ceph-ansible playbook where it contained hardcoded passwords that were being used as default passwords while deploying Ceph services. Any authenticated attacker can abuse this flaw to brute-force Ceph deployments, and gain administrator access to Ceph…

  • CVE-2021-3524May 17, 2021
    risk 0.00cvss epss 0.02

    A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file…

  • CVE-2021-20288Apr 15, 2021
    risk 0.00cvss epss 0.02

    An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a…

  • CVE-2020-25678Jan 8, 2021
    risk 0.00cvss epss 0.00

    A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.

  • CVE-2020-27781Dec 18, 2020
    risk 0.00cvss epss 0.00

    User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved…

  • CVE-2020-25677Dec 8, 2020
    risk 0.00cvss epss 0.00

    A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. This flaw allows any user on the system to read sensitive information within this file. The highest threat from this vulnerability is to confidentiality.