Debian Ceph vulnerabilities

CVE-2020-10753 [MEDIUM] CVE-2020-10753: ceph - A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The ... A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this

CVE-2020-1759 [MEDIUM] CVE-2020-1759: ceph - A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Contai... A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. Messages encrypted using a reused nonce valu

CVE-2020-27839 [MEDIUM] CVE-2020-27839: ceph - A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authe... A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and integrity. Scope: local bookworm: resolved (fixed in 14.2.18-1) bullseye: r

CVE-2020-10736 [HIGH] CVE-2020-10736: ceph - An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 1... An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks. Scope: local bookworm: resolved bullseye: resolve

CVE-2019-10222 [HIGH] CVE-2019-10222: ceph - A flaw was found in the Ceph RGW configuration with Beast as the front end handl... A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients. Scope: local bookworm: resolved (fixed in 14.2.4-1) bullseye: resolved (fixed in 14.2.

CVE-2019-3821 [HIGH] CVE-2019-3821: ceph - A flaw was found in the way civetweb frontend was handling requests for ceph RGW... A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated attacker could create multiple connections to ceph RADOS gateway to exhaust file descriptors for ceph-radosgw service resulting in a remote denial of service. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie:

CVE-2019-19337 [MEDIUM] CVE-2019-19337: ceph - A flaw was found in Red Hat Ceph Storage version 3 in the way the Ceph RADOS Gat... A flaw was found in Red Hat Ceph Storage version 3 in the way the Ceph RADOS Gateway daemon handles S3 requests. An authenticated attacker can abuse this flaw by causing a remote denial of service by sending a specially crafted HTTP Content-Length header to the Ceph RADOS Gateway server. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved

CVE-2018-10861 [HIGH] CVE-2018-10861: ceph - A flaw was found in the way ceph mon handles user requests. Any authenticated ce... A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected. Scope: local bookworm: resolved (fixed in 12.2.8+dfsg1-1) bullseye: resolved (fixed in 12.2.8+dfsg1-1) forky: re

CVE-2018-1128 [HIGH] CVE-2018-1128: ceph - It was found that cephx authentication protocol did not verify ceph clients corr... It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are b

CVE-2018-14662 [MEDIUM] CVE-2018-14662: ceph - It was found Ceph versions before 13.2.4 that authenticated ceph users with read... It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption. Scope: local bookworm: resolved (fixed in 12.2.11+dfsg1-1) bullseye: resolved (fixed in 12.2.11+dfsg1-1) forky: resolved (fixed in 12.2.11+dfsg1-1) sid: resolved (fixed in 12.2.11+dfsg1-1) trixie: resolve

CVE-2018-16846 [MEDIUM] CVE-2018-16846: ceph - It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users ca... It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices. Scope: local bookworm: resolved (fixed in 12.2.11+dfsg1-1) bullseye: resolved (fixed in 12.2.11+dfsg1-1) forky: resolved (fixed in 12.2.11+dfsg1-1) sid: resolved (fixed in 12.2.11+dfsg1-1) trixie: resolved (fixed in 12.2.11

CVE-2018-1129 [MEDIUM] CVE-2018-1129: ceph - A flaw was found in the way signature calculation was handled by cephx authentic... A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable. Scope: local bookworm: resolved (fixed in 12.

CVE-2018-16889 [MEDIUM] CVE-2018-16889: ceph - Ceph does not properly sanitize encryption keys in debug logging for v4 auth. Th... Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable. Scope: local bookworm: resolved (fixed in 12.2.11+dfsg1-1) bullseye: resolved (fixed in 12.2.11+dfsg1-1) forky: resolved (fixed in 12.2.11+dfsg1-1) sid: resolved (fix

CVE-2018-7262 [HIGH] CVE-2018-7262: ceph - In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::... In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2017-7519 [LOW] CVE-2017-7519: ceph - In Ceph, a format string flaw was found in the way libradosstriper parses input ... In Ceph, a format string flaw was found in the way libradosstriper parses input from user. A user could crash an application or service using the libradosstriper library. Scope: local bookworm: resolved (fixed in 12.2.8+dfsg1-1) bullseye: resolved (fixed in 12.2.8+dfsg1-1) forky: resolved (fixed in 12.2.8+dfsg1-1) sid: resolved (fixed in 12.2.8+dfsg1-1) trixie: resolved (

CVE-2017-16818 [MEDIUM] CVE-2017-16818: ceph - RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to... RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h, and rgw/rgw_iam_types.h. Scope: local bookworm: resolved bullse

CVE-2016-7031 [HIGH] CVE-2016-7031: ceph - The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a ... The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL. Scope: local bookworm: resolved (fixed in 10.2.5-1) bullseye: resolved (fixed in 10.2.5-1) forky: resolved (fixed in 10.2.5-1) sid: resolved (fixed in 10.2.5-1) trixie: resolved (fixed in 10.2.5-1)

CVE-2016-8626 [MEDIUM] CVE-2016-8626: ceph - A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway ha... A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests. Scope: local bookworm: resolved (fixed in 10.2.5-1) bullseye: resolved (fixed in 10.2.5-1) forky: resolved (fixed in 10.2.5-1) sid: re

CVE-2016-5009 [MEDIUM] CVE-2016-5009: ceph - The handle_command function in mon/Monitor.cc in Ceph allows remote authenticate... The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix. Scope: local bookworm: resolved (fixed in 10.2.5-1) bullseye: resolved (fixed in 10.2.5-1) forky: resolved (fixed in 10.2.5-1) sid: resolved (fixed in 10.2.5-1) trixie: r

CVE-2016-9579 [MEDIUM] CVE-2016-9579: ceph - A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP ... A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request. Ceph branches 1.3.x and 2.x are affected. Scope: local bookworm: resolved (fixed in 10.