The Ceph Project Ceph vulnerabilities

4 known vulnerabilities affecting the_ceph_project/ceph.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 1

Vulnerabilities

CVE-2020-1699 | HIGH | CVSS 7.5 | Fixed in 14.2.7 | Fixed in 15.1.0 | 2020-04-21
CVE-2020-1699 [HIGH] CWE-200: A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. An unauthenticated attacker could use this flaw to cause information disclosure on the host machine running the Ceph dashboard.
Sources: cvelistv5, nvd
CVE-2020-1759 | MEDIUM | CVSS 6.8 | Red Hat Ceph Storage 4 | Red Hat Openshift Container Storage 4.2 | 2020-04-13
CVE-2020-1759 [MEDIUM] CWE-323: A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where a nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. Messages encrypted using a
Sources: cvelistv5, nvd
CVE-2019-10222 | HIGH | CVSS 7.5 | n/a | 2019-11-08
CVE-2019-10222 [HIGH] CWE-755: A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients.
Sources: cvelistv5, nvd
CVE-2018-16889 | HIGH | CVSS 7.5 | up to v13.2.4 | 2019-01-28
CVE-2018-16889 [HIGH] CWE-532: Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable.
Sources: cvelistv5, nvd