CVE-2020-10736

CWE-285 | 9 documents | 8 sources
Severity: 8.0 HIGH
EPSS: 0.1% (top 79.02%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jun 22
Latest update: May 24

Description

An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.1 | Impact: 5.9

Affected Packages (3 packages)

NVD | linuxfoundation/ceph | 15.2.0 | 15.2.2
Ubuntu | ceph | < 15.2.7-0ubuntu0.20.04.2
CVEListV5 | [unknown]/ceph | 15.2.0 before 15.2.2

🔴 Vulnerability Details (4)

GHSA | GHSA-7hf6-hcxg-35gw: An authorization bypass vulnerability was found in Ceph versions 15 | 2022-05-24
OSV | ceph vulnerabilities | 2021-01-28
CVEList | CVE-2020-10736: An authorization bypass vulnerability was found in Ceph versions 15 | 2020-06-22
OSV | CVE-2020-10736: An authorization bypass vulnerability was found in Ceph versions 15 | 2020-06-22

📋 Vendor Advisories (3)

Ubuntu | Ceph vulnerabilities | 2021-01-28
Red Hat | ceph: authorization bypass in monitor and manager daemons | 2020-05-18
Debian | CVE-2020-10736: ceph - An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 1... | 2020

💬 Community (1)

Bugzilla | CVE-2020-10736 ceph: authorization bypass in monitor and manager daemons | 2020-05-07
CVE-2020-10736 (HIGH CVSS 8) | An authorization bypass vulnerabili | cvebase.io