RSS   Podatności dla 'CEPH'   RSS

2021-04-15
 
CVE-2021-20288

CWE-287
 

 
An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

 
2020-04-23
 
CVE-2020-1760

CWE-79
 

 
A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input.

 
2020-04-22
 
CVE-2020-12059

CWE-476
 

 
An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception.

 
2020-04-21
 
CVE-2020-1699

CWE-22
 

 
A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. An unauthenticated attacker could use this flaw to cause information disclosure on the host machine running the Ceph dashboard.

 

 >>> Vendor: Linuxfoundation 31 Produkty
Foomatic
Cups-filters
XEN
Foomatic-filters
Open network operating system
RUNC
The update framework
DOJO
Dojox
Argo continuous delivery
CEPH
Free range routing
Jaeger
Osquery
Harbor
ACRN
Nats-server
Containerd
Spinnaker
DEX
Indy-node
BESU
Argo-cd
Umoci
Grpc swift
Cortex
Backstage
Open container initiative distribution specification
Open container initiative image format specification
Fabric
Auth backend


Copyright 2022, cxsecurity.com

 

Back to Top