Redhat Ceph Storage vulnerabilities

CVE-2025-14874 [HIGH] CWE-703 CVE-2025-14874: A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted em A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header that triggers infinite recursion in the address parser.

CVE-2025-13601 [HIGH] CWE-190 CVE-2025-13601: A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer si A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off t

CVE-2023-48795 [MEDIUM] CWE-354 CVE-2023-48795: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other pr The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgr

CVE-2023-44487 [HIGH] CWE-400 CVE-2023-44487: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancell The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

CVE-2023-0056 [MEDIUM] CWE-400 CVE-2023-0056: An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the s An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability.

CVE-2022-3854 [MEDIUM] CWE-177 CVE-2022-3854: A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit th A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service.

CVE-2021-3979 [MEDIUM] CWE-327 CVE-2021-3979: A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key l A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks.

CVE-2022-0670 [CRITICAL] CWE-863 CVE-2022-0670: A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system. Fixed in RHCS 5.2 and Ceph 17.2.2.

CVE-2022-26148 [CRITICAL] CWE-312 CVE-2022-26148: An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password c An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in api_jsonrpc.php to discover the Zabbix account password

CVE-2021-4048 [CRITICAL] CWE-125 CVE-2021-4048: An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack t An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.

CVE-2021-20236 [CRITICAL] CWE-120 CVE-2021-20236: A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

CVE-2021-3509 [MEDIUM] CVE-2021-3509: A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-2783 A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The greatest threat to the system is for confidentiality, integrity

CVE-2021-3531 [MEDIUM] CWE-20 CVE-2021-3531: A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET R A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability.

CVE-2021-3524 [MEDIUM] CVE-2021-3524: A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.2 A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. In addition, t

CVE-2021-20288 [HIGH] CWE-287 CVE-2021-20288: An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_ An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reu

CVE-2020-25678 [MEDIUM] CWE-312 CVE-2020-25678: A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.

CVE-2020-27781 [HIGH] CWE-522 CVE-2020-27781: User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resul User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack proj

CVE-2020-25677 [MEDIUM] CWE-312 CVE-2020-25677: A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insec A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. This flaw allows any user on the system to read sensitive information within this file. The highest threat from this vulnerability is to confidentiality.

CVE-2020-25660 [HIGH] CVE-2020-25660: A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the Ceph service via a packet sniffer and perform actions allowed by t

CVE-2020-25626 [MEDIUM] CWE-20 CVE-2020-25626: A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the b A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious tags, leading to a cross-site-scripting (XSS) vulnerability.