Known Vulnerabilities for Ceph by Redhat
Listed below are 10 of the newest known vulnerabilities associated with "Ceph" by "Redhat".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-3531 | A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL th... | 5.3 - MEDIUM | 2021-05-18 | 2023-11-07 |
| CVE-2021-3524 | A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is r... | 6.5 - MEDIUM | 2021-05-17 | 2023-11-07 |
| CVE-2020-27839 | A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend applicati... | 5.4 - MEDIUM | 2021-05-26 | 2021-06-03 |
| CVE-2020-27781 | User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privile... | 7.1 - HIGH | 2020-12-18 | 2023-11-07 |
| CVE-2020-25678 | A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found ... | 4.4 - MEDIUM | 2021-01-08 | 2023-10-23 |
| CVE-2020-25660 | A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify ... | 8.8 - HIGH | 2020-11-23 | 2023-11-07 |
| CVE-2018-16846 | It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs hol... | 6.5 - MEDIUM | 2019-01-15 | 2022-04-19 |
| CVE-2018-14662 | It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryp... | 5.7 - MEDIUM | 2019-01-15 | 2022-04-19 |
| CVE-2018-7262 | In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle m... | 7.5 - HIGH | 2018-03-19 | 2023-11-07 |
| CVE-2018-1128 | It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. An... | 7.5 - HIGH | 2018-07-10 | 2020-11-17 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Redhat | Ceph | 9.2.1 | All | All | All |
| Application | Redhat | Ceph | 9.2.0 | All | All | All |
| Application | Redhat | Ceph | 9.1.0 | All | All | All |
| Application | Redhat | Ceph | 9.0.3 | All | All | All |
| Application | Redhat | Ceph | 9.0.2 | All | All | All |
| Application | Redhat | Ceph | 9.0.1 | All | All | All |
| Application | Redhat | Ceph | 9.0.0 | All | All | All |
| Application | Redhat | Ceph | 16.2.0 | All | All | All |
| Application | Redhat | Ceph | 15.2.7 | All | All | All |
| Application | Redhat | Ceph | 15.2.6 | All | All | All |
| Application | Redhat | Ceph | 15.2.5 | All | All | All |
| Application | Redhat | Ceph | 15.2.4 | All | All | All |
| Application | Redhat | Ceph | 15.2.3 | All | All | All |
| Application | Redhat | Ceph | 15.2.2 | All | All | All |
| Application | Redhat | Ceph | 15.2.1 | All | All | All |
| Application | Redhat | Ceph | 15.2.0 | All | All | All |
| Application | Redhat | Ceph | 15.1.1 | All | All | All |
| Application | Redhat | Ceph | 15.1.0 | All | All | All |
| Application | Redhat | Ceph | 15.0.0 | All | All | All |
| Application | Redhat | Ceph | 14.2.15 | All | All | All |