Known Vulnerabilities for products from Ceph
Listed below are 12 of the newest known vulnerabilities associated with the vendor "Ceph".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-0670 json | A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla sh... | 9.1 - CRITICAL | 2022-07-25 | 2023-11-07 |
| CVE-2020-25677 json | A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. ... | 5.5 - MEDIUM | 2020-12-08 | 2021-03-04 |
| CVE-2020-1716 json | A flaw was found in the ceph-ansible playbook where it contained hardcoded passwords that were being used as default password... | 8.8 - HIGH | 2021-05-28 | 2021-06-10 |
| CVE-2020-1700 json | A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse ... | 6.5 - MEDIUM | 2020-02-07 | 2023-11-07 |
| CVE-2019-10222 json | A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attac... | 7.5 - HIGH | 2019-11-08 | 2023-10-23 |
| CVE-2019-3821 json | A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated ... | 7.5 - HIGH | 2019-03-27 | 2020-11-13 |
| CVE-2018-10861 json | A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete... | 8.1 - HIGH | 2018-07-10 | 2019-10-09 |
| CVE-2018-1129 json | A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ... | 6.5 - MEDIUM | 2018-07-10 | 2019-08-29 |
| CVE-2017-12155 json | A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is c... | 6.3 - MEDIUM | 2017-12-12 | 2019-10-03 |
| CVE-2017-7519 json | In Ceph, a format string flaw was found in the way libradosstriper parses input from user. A user could crash an application ... | 4.4 - MEDIUM | 2018-07-27 | 2019-10-09 |
| CVE-2015-4053 json | The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which... | 2.1 - LOW | 2015-06-08 | 2015-06-25 |
| CVE-2015-3010 json | ceph-deploy before 1.5.23 uses weak permissions (644) for ceph/ceph.client.admin.keyring, which allows local users to obtain ... | 2.1 - LOW | 2015-06-16 | 2016-12-03 |
Known software with vulnerabilities from Ceph
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Ceph | Ceph | - |
| Application | Ceph | Ceph-ansible | 1.0.0 |
| Application | Ceph | Ceph-deploy | 1.5.22 |
| Application | Ceph | Civetweb | - |