Redhat Ceph Storage vulnerabilities

CVE-2020-14365 [HIGH] CWE-347 CVE-2020-14365: A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9 A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the syst

CVE-2020-10753 [MEDIUM] CWE-113 CVE-2020-10753: A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is rel A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are v

CVE-2020-10685 [MEDIUM] CWE-459 CVE-2020-10685: A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x b A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary dir

CVE-2020-12458 [MEDIUM] CWE-732 CVE-2020-12458: An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/g An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposure of sensitive information (e.g., cleartext or encrypted datasource passwords).

CVE-2020-1760 [MEDIUM] CWE-79 CVE-2020-1760: A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input.

CVE-2020-1699 [HIGH] CWE-200 CVE-2020-1699: A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14. A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. An unauthenticated attacker could use this flaw to cause information disclosure on the host machine running the Ceph dashboard.

CVE-2020-1759 [MEDIUM] CWE-323 CVE-2020-1759: A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 wher A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. Messages encrypted using a

CVE-2020-1712 [HIGH] CWE-416 CVE-2020-1712: A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.

CVE-2019-14905 [MEDIUM] CWE-20 CVE-2019-14905: A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x b A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of con

CVE-2019-14859 [CRITICAL] CWE-347 CVE-2019-14859: A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify wheth A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions.

CVE-2019-14864 [MEDIUM] CWE-117 CVE-2019-14864: Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, i Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.

CVE-2019-19337 [MEDIUM] CWE-20 CVE-2019-19337: A flaw was found in Red Hat Ceph Storage version 3 in the way the Ceph RADOS Gateway daemon handles A flaw was found in Red Hat Ceph Storage version 3 in the way the Ceph RADOS Gateway daemon handles S3 requests. An authenticated attacker can abuse this flaw by causing a remote denial of service by sending a specially crafted HTTP Content-Length header to the Ceph RADOS Gateway server.

CVE-2019-10222 [HIGH] CWE-755 CVE-2019-10222: A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients.

CVE-2018-14662 [MEDIUM] CWE-285 CVE-2018-14662: It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions co It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.

CVE-2018-16846 [MEDIUM] CWE-770 CVE-2018-16846: It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices.

CVE-2018-19039 [MEDIUM] CWE-200 CVE-2018-19039: Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions.

CVE-2018-14649 [CRITICAL] CWE-77 CVE-2018-14649: It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-w It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api provided by ceph-isci-cli package. This allows unauthenticated attackers to access this debug shell and escalate privileges. Once an attacker has successf

CVE-2018-15727 [CRITICAL] CWE-287 CVE-2018-15727: Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user.

CVE-2016-9579 [HIGH] CWE-20 CVE-2016-9579: A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request. Ceph branches 1.3.x and 2.x are affected.

CVE-2018-10875 [HIGH] CWE-426 CVE-2018-10875: A flaw was found in ansible. ansible.cfg is read from the current working directory which can be alt A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.