Debian Ceph vulnerabilities

CVE-2025-52555 [MEDIUM] CVE-2025-52555: ceph - Ceph is a distributed object, block, and file storage platform. In versions 17.2... Ceph is a distributed object, block, and file storage platform. In versions 17.2.7, 18.2.1 through 18.2.4, and 19.0.0 through 19.2.2, an unprivileged user can escalate to root privileges in a ceph-fuse mounted CephFS by chmod 777 a directory owned by root to gain access. The result of this is that a user could read, write and execute to any directory owned by root as

CVE-2024-48916 [HIGH] CVE-2024-48916: ceph - Ceph is a distributed object, block, and file storage platform. In versions 19.2... Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send an JWT that has "none" as JWT alg. And by doing so the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As of time of publication, a known patched version has yet to be published. Scope: local bookworm: resolve

CVE-2024-47866 [HIGH] CVE-2024-47866: ceph - Ceph is a distributed object, block, and file storage platform. In versions up t... Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument `x-amz-copy-source` to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no known patched versions exist. Scope: local bookworm: open bullseye: resolv

CVE-2024-31884 CVE-2024-31884: ceph bookworm: open bullseye: resolved (fixed in 14.2.21-1+deb11u3) forky: resolved (fixed in 18.2.8+ds-1) sid: resolved (fixed in 18.2.8+ds-1) trixie: open

CVE-2023-43040 [MEDIUM] CVE-2023-43040: ceph - IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform u... IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807. Scope: local bookworm: resolved (fixed in 16.2.15+ds-0+deb12u1) bullseye: resolved (fixed in 14.2.21-1+deb11u1) forky: resolved (fixed in 16.2.11+ds-5) sid: resolved (fixed in 16.2.11+ds-5) trixie:

CVE-2022-0670 [CRITICAL] CVE-2022-0670: ceph - A flaw was found in Openstack manilla owning a Ceph File system "share", which e... A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system. Fixed in RHCS 5.2 and Ceph 17.2.2. Scope: local bookworm

CVE-2022-3650 [HIGH] CVE-2022-3650: ceph - A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local... A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information. Scope: local bookworm: resolved (fixed in 16.2.10+ds-4) bullseye: resolved (fixed in 14.2.21-1+deb11u1) forky: resolved (fixed in 16.2.10+ds-4) sid: resolved (fixed in 16.2.10+ds-4) trixie:

CVE-2022-3854 [MEDIUM] CVE-2022-3854: ceph - A flaw was found in Ceph, relating to the URL processing on RGW backends. An att... A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service. Scope: local bookworm: resolved (fixed in 16.2.10+ds-5) bullseye: resolved forky: resolved (fixed in 16.2.10+ds-5) sid: resolved (fixed in 16.2.10+ds-5) trixie: resolved (fixed in 16.

CVE-2021-20288 [HIGH] CVE-2021-20288: ceph - An authentication flaw was found in ceph in versions before 14.2.20. When the mo... An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to

CVE-2021-3979 [MEDIUM] CVE-2021-3979: ceph - A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the... A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks. Scope: local bookworm: resolved (fixed in 16.2.9+ds-1) bullseye: resolved (fixed in 14.2.

CVE-2021-3531 [MEDIUM] CVE-2021-3531: ceph - A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. Whe... A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability. Scope: local bookworm: resolved (fixed in 14.2.21-1) bullseye: resolved (fixed in 14.2.21-1) forky: re

CVE-2021-3509 [MEDIUM] CVE-2021-3509: ceph - A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In respo... A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The greatest threat to the system is for confidentiality, integrity, and avai

CVE-2021-3524 [MEDIUM] CVE-2021-3524: ceph - A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in ve... A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. In addition, the prior b

CVE-2020-1699 [HIGH] CVE-2020-1699: ceph - A path traversal flaw was found in the Ceph dashboard implemented in upstream ve... A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. An unauthenticated attacker could use this flaw to cause information disclosure on the host machine running the Ceph dashboard. Scope: local bookworm: resolved (fixed in 14.2.6-4) bullseye: reso

CVE-2020-12059 [HIGH] CVE-2020-12059: ceph - An issue was discovered in Ceph through 13.2.9. A POST request with an invalid t... An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception. Scope: local bookworm: resolved (fixed in 14.2.4-1) bullseye: resolved (fixed in 14.2.4-1) forky: resolved (fixed in 14.2.4-1) sid: resolved (fixed in 14.2.4-1) trixie: resolved (fixed in 14.2.4-1)

CVE-2020-27781 [HIGH] CVE-2020-27781: ceph - User credentials can be manipulated and stolen by Native CephFS consumers of Ope... User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack project can view the a

CVE-2020-25660 [HIGH] CVE-2020-25660: ceph - A flaw was found in the Cephx authentication protocol in versions before 15.2.6 ... A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the Ceph service via a packet sniffer and perform actions allowed by the Ceph s

CVE-2020-25678 [MEDIUM] CVE-2020-25678: ceph - A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr modul... A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible. Scope: local bookworm: resolved (fixed in 14.2.18-1) bullseye: resolved (fixed in 14.2.18-1) forky: resolved (fixed in 14.2.18-1) sid: resolved (fixed in 14.2.18-1) tr

CVE-2020-1700 [MEDIUM] CVE-2020-1700: ceph - A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disc... A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by pile up of CLOSE_WAIT sockets, eventually leading to the exhaustion of avai

CVE-2020-1760 [MEDIUM] CVE-2020-1760: ceph - A flaw was found in the Ceph Object Gateway, where it supports request sent by a... A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input. Scope: local bookworm: resolved (fixed in 14.2.9-1) bullseye: resolved (fixed in 14.2.9-1) forky: resolved (fixed in 14.2.9-1) sid: resolved (fixed in 14