Product: Ceph_storage (Redhat)
Repositories https://github.com/ceph/ceph
#Vulnerabilities 46
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-08-25 | CVE-2021-3979 | A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks. | Fedora, Ceph_storage, Ceph_storage_for_ibm_z_systems, Ceph_storage_for_power, Openshift_container_storage, Openshift_data_foundation, Openstack_platform | 6.5 | | |
| 2023-03-06 | CVE-2022-3854 | A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service. | Ceph_storage | 6.5 | | |
| 2023-03-23 | CVE-2023-0056 | An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability. | Extra_packages_for_enterprise_linux, Fedora, Haproxy, Ceph_storage, Openshift_container_platform, Openshift_container_platform_for_ibm_linuxone, Openshift_container_platform_for_power, Openshift_container_platform_ibm_z_systems, Software_collections | 6.5 | | |
| 2020-03-31 | CVE-2019-14905 | A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues. | Fedora, Backports_sle, Leap, Ansible_engine, Ansible_tower, Ceph_storage, Cloudforms_management_engine, Openstack | 5.6 | | |
| 2020-04-29 | CVE-2020-12458 | An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposure of sensitive information (e.g., cleartext or encrypted datasource passwords). | Fedora, Grafana, Ceph_storage, Enterprise_linux | 5.5 | | |
| 2020-05-11 | CVE-2020-10685 | A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypt vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory created in /tmp leaves the secrets unencrypted. On operating systems where /tmp is not a tmpfs but part of the root partition, the... | Debian_linux, Ansible_engine, Ansible_tower, Ceph_storage, Openstack, Storage | 5.5 | | |
| 2020-06-26 | CVE-2020-10753 | A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue. | Ubuntu_linux, Fedora, Ceph, Leap, Ceph_storage, Openstack | 6.5 | | |
| 2019-11-08 | CVE-2019-10222 | A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients. | Ceph, Fedora, Ceph_storage | 7.5 | | |
| 2018-08-01 | CVE-2016-9579 | A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request. Ceph branches 1.3.x and 2.x are affected. | Ceph_storage, Ceph_storage_mon, Ceph_storage_osd, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 7.5 | | |
| 2018-10-09 | CVE-2018-14649 | It was found that the ceph-iscsi-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in the file /usr/bin/rbd-target-api provided by the ceph-iscsi-cli package. This allows unauthenticated attackers to access this debug shell and escalate privileges. Once an attacker has successfully connected to this debug shell they will be able to execute arbitrary commands remotely. These commands will run with the same privileges as... | Ceph-Iscsi-Cli, Ceph_storage, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 9.8 | | |