Vulnerabilities > Ceph

DATE CVE VULNERABILITY TITLE RISK
2021-05-28 CVE-2020-1716 Unspecified vulnerability in Ceph Ceph-Ansible
A flaw was found in the ceph-ansible playbook where it contained hardcoded passwords that were being used as default passwords while deploying Ceph services.
network
low complexity
ceph
8.8
2020-12-08 CVE-2020-25677 A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions.
local
low complexity
ceph redhat
5.5
2020-02-07 CVE-2020-1700 Resource Exhaustion vulnerability in multiple products
A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects.
network
low complexity
ceph redhat opensuse canonical CWE-400
6.5
2019-11-08 CVE-2019-10222 Improper Handling of Exceptional Conditions vulnerability in multiple products
A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests.
network
low complexity
ceph redhat fedoraproject CWE-755
7.5
2019-03-27 CVE-2019-3821 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled.
network
low complexity
ceph canonical CWE-772
7.5
2018-07-27 CVE-2017-7519 Use of Externally-Controlled Format String vulnerability in multiple products
In Ceph, a format string flaw was found in the way libradosstriper parses input from user.
local
low complexity
ceph debian CWE-134
4.4
2018-07-10 CVE-2018-1129 Improper Authentication vulnerability in multiple products
A flaw was found in the way signature calculation was handled by cephx authentication protocol.
low complexity
redhat ceph debian opensuse CWE-287
6.5
2018-07-10 CVE-2018-10861 Improper Authentication vulnerability in multiple products
A flaw was found in the way ceph mon handles user requests.
network
low complexity
ceph redhat opensuse debian CWE-287
8.1
2017-12-12 CVE-2017-12155 Missing Authentication for Critical Function vulnerability in Ceph
A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable.
local
high complexity
ceph CWE-306
6.3