Known Vulnerabilities for products from Ceph
Listed below are 11 of the newest known vulnerabilities associated with the vendor "Ceph".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2020-25677 | A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. ... | 5.5 - MEDIUM | 2020-12-08 | 2021-03-04 |
| CVE-2020-1716 | A flaw was found in the ceph-ansible playbook where it contained hardcoded passwords that were being used as default password... | 8.8 - HIGH | 2021-05-28 | 2021-06-10 |
| CVE-2020-1700 | A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse ... | 6.5 - MEDIUM | 2020-02-07 | 2023-11-07 |
| CVE-2019-10222 | A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attac... | 7.5 - HIGH | 2019-11-08 | 2023-10-23 |
| CVE-2019-3821 | A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated ... | 7.5 - HIGH | 2019-03-27 | 2020-11-13 |
| CVE-2018-10861 | A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete... | 8.1 - HIGH | 2018-07-10 | 2019-10-09 |
| CVE-2018-1129 | A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ... | 6.5 - MEDIUM | 2018-07-10 | 2019-08-29 |
| CVE-2017-12155 | A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is c... | 6.3 - MEDIUM | 2017-12-12 | 2019-10-03 |
| CVE-2017-7519 | In Ceph, a format string flaw was found in the way libradosstriper parses input from user. A user could crash an application ... | 4.4 - MEDIUM | 2018-07-27 | 2019-10-09 |
| CVE-2015-4053 | The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which... | 2.1 - LOW | 2015-06-08 | 2015-06-25 |
| CVE-2015-3010 | ceph-deploy before 1.5.23 uses weak permissions (644) for ceph/ceph.client.admin.keyring, which allows local users to obtain ... | 2.1 - LOW | 2015-06-16 | 2016-12-03 |
Known software with vulnerabilities from Ceph
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Ceph | Ceph | - |
| Application | Ceph | Ceph-ansible | 1.0.0 |
| Application | Ceph | Ceph-deploy | 1.5.22 |
| Application | Ceph | Civetweb | - |