Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Filtered by product Ceph Storage
Total 36 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-4048 5 Fedoraproject, Julialang, Lapack Project and 2 more 8 Fedora, Julia, Lapack and 5 more 2022-01-04 6.4 MEDIUM 9.1 CRITICAL
An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.
CVE-2020-25626 2 Encode, Redhat 2 Django Rest Framework, Ceph Storage 2022-01-01 4.3 MEDIUM 6.1 MEDIUM
A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site-scripting (XSS) vulnerability.
CVE-2020-10685 2 Debian, Redhat 6 Debian Linux, Ansible Engine, Ansible Tower and 3 more 2021-12-21 1.9 LOW 5.5 MEDIUM
A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble.
CVE-2019-14905 3 Fedoraproject, Opensuse, Redhat 8 Fedora, Backports Sle, Leap and 5 more 2021-11-02 4.6 MEDIUM 5.6 MEDIUM
A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.
CVE-2019-19337 1 Redhat 1 Ceph Storage 2021-10-29 4.0 MEDIUM 6.5 MEDIUM
A flaw was found in Red Hat Ceph Storage version 3 in the way the Ceph RADOS Gateway daemon handles S3 requests. An authenticated attacker can abuse this flaw by causing a remote denial of service by sending a specially crafted HTTP Content-Length header to the Ceph RADOS Gateway server.
CVE-2020-10753 5 Canonical, Fedoraproject, Linuxfoundation and 2 more 6 Ubuntu Linux, Fedora, Ceph and 3 more 2021-10-26 4.3 MEDIUM 6.5 MEDIUM
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue.
CVE-2021-3524 3 Debian, Fedoraproject, Redhat 4 Debian Linux, Fedora, Ceph and 1 more 2021-09-20 4.3 MEDIUM 6.5 MEDIUM
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. In addition, the prior bug fix for CVE-2020-10753 did not account for the use of \r as a header separator, thus a new flaw has been created.
CVE-2020-1760 5 Canonical, Debian, Fedoraproject and 2 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2021-09-16 4.3 MEDIUM 6.1 MEDIUM
A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input.
CVE-2018-14662 3 Debian, Opensuse, Redhat 4 Debian Linux, Leap, Ceph and 1 more 2021-08-11 2.7 LOW 5.7 MEDIUM
It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.
CVE-2018-16846 4 Canonical, Debian, Opensuse and 1 more 6 Ubuntu Linux, Debian Linux, Leap and 3 more 2021-08-11 4.0 MEDIUM 6.5 MEDIUM
It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices.
CVE-2019-14864 1 Redhat 5 Ansible, Ansible Tower, Ceph Storage and 2 more 2021-08-07 4.0 MEDIUM 6.5 MEDIUM
Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.
CVE-2020-14365 1 Redhat 4 Ansible Engine, Ansible Tower, Ceph Storage and 1 more 2021-08-07 6.6 MEDIUM 7.1 HIGH
A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability.
CVE-2018-1059 3 Canonical, Dpdk, Redhat 9 Ubuntu Linux, Data Plane Development Kit, Ceph Storage and 6 more 2021-08-04 2.9 LOW 6.1 MEDIUM
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.
CVE-2020-1759 3 Fedoraproject, Linuxfoundation, Redhat 5 Fedora, Ceph, Ceph Storage and 2 more 2021-08-04 5.8 MEDIUM 6.8 MEDIUM
A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks.
CVE-2019-14859 2 Python-ecdsa Project, Redhat 4 Python-ecdsa, Ceph Storage, Openstack and 1 more 2021-08-04 6.4 MEDIUM 9.1 CRITICAL
A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions.
CVE-2018-10875 4 Canonical, Debian, Redhat and 1 more 11 Ubuntu Linux, Debian Linux, Ansible Engine and 8 more 2021-08-04 4.6 MEDIUM 7.8 HIGH
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.
CVE-2020-12458 2 Grafana, Redhat 3 Grafana, Ceph Storage, Enterprise Linux 2021-07-21 2.1 LOW 5.5 MEDIUM
An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposure of sensitive information (e.g., cleartext or encrypted datasource passwords).
CVE-2021-3509 1 Redhat 1 Ceph Storage 2021-06-04 4.3 MEDIUM 6.1 MEDIUM
A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The greatest threat to the system is for confidentiality, integrity, and availability.
CVE-2020-27781 2 Fedoraproject, Redhat 5 Fedora, Ceph, Ceph Storage and 2 more 2021-06-03 3.6 LOW 7.1 HIGH
User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack project can view the access key. This enables the attacker to target any resource that the user has access to. This can be done to even "admin" users, compromising the ceph administrator. This flaw affects Ceph versions prior to 14.2.16, 15.x prior to 15.2.8, and 16.x prior to 16.2.0.
CVE-2021-20288 3 Fedoraproject, Linuxfoundation, Redhat 3 Fedora, Ceph, Ceph Storage 2021-06-03 6.5 MEDIUM 7.2 HIGH
An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.