Linuxfoundation Ceph vulnerabilities

CVE-2022-0670 [CRITICAL] CWE-863 CVE-2022-0670: A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system. Fixed in RHCS 5.2 and Ceph 17.2.2.

CVE-2021-20288 [HIGH] CWE-287 CVE-2021-20288: An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_ An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reu

CVE-2020-10753 [MEDIUM] CWE-113 CVE-2020-10753: A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is rel A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are v

CVE-2020-10736 [HIGH] CWE-285 CVE-2020-10736: An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the cep An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks.

CVE-2020-1760 [MEDIUM] CWE-79 CVE-2020-1760: A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input.

CVE-2020-12059 [HIGH] CWE-476 CVE-2020-12059: An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception.

CVE-2020-1699 [HIGH] CWE-200 CVE-2020-1699: A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14. A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. An unauthenticated attacker could use this flaw to cause information disclosure on the host machine running the Ceph dashboard.

CVE-2020-1759 [MEDIUM] CWE-323 CVE-2020-1759: A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 wher A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. Messages encrypted using a