Redhat Ceph vulnerabilities

CVE-2024-47866 [HIGH] CWE-20 CVE-2024-47866: Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2 Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument `x-amz-copy-source` to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no known patched versions exist.

CVE-2022-3650 [HIGH] CWE-842 CVE-2022-3650: A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalat A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information.

CVE-2020-27839 [MEDIUM] CWE-522 CVE-2020-27839: A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and integrity.

CVE-2021-3531 [MEDIUM] CWE-20 CVE-2021-3531: A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET R A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability.

CVE-2021-3524 [MEDIUM] CVE-2021-3524: A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.2 A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. In addition, t

CVE-2020-25678 [MEDIUM] CWE-312 CVE-2020-25678: A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.

CVE-2020-27781 [HIGH] CWE-522 CVE-2020-27781: User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resul User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack proj

CVE-2020-25660 [HIGH] CVE-2020-25660: A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the Ceph service via a packet sniffer and perform actions allowed by t

CVE-2018-16889 [MEDIUM] CWE-532 CVE-2018-16889: Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the le Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable.

CVE-2018-14662 [MEDIUM] CWE-285 CVE-2018-14662: It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions co It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.

CVE-2018-16846 [MEDIUM] CWE-770 CVE-2018-16846: It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices.

CVE-2016-8626 [MEDIUM] CWE-476 CVE-2016-8626: A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object re A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests.

CVE-2018-1128 [HIGH] CWE-294 CVE-2018-1128: It was found that cephx authentication protocol did not verify ceph clients correctly and was vulner It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, lumino

CVE-2018-7262 [HIGH] CWE-476 CVE-2018-7262: In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service.

CVE-2017-16818 [MEDIUM] CWE-617 CVE-2017-16818: RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of s RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h, and rgw/rgw_iam_types.h.

CVE-2016-5009 [MEDIUM] CWE-20 CVE-2016-5009: The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a d The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix.

CVE-2015-5245 [MEDIUM] CVE-2015-5245: CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 a CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name.