Vulnerabilities > Linuxfoundation > Ceph > 14.2.6

DATE CVE VULNERABILITY TITLE RISK
2021-04-15 CVE-2021-20288 Improper Authentication vulnerability in multiple products
An authentication flaw was found in ceph in versions before 14.2.20. 		7.2
7.2
2020-06-26 CVE-2020-10753 Injection vulnerability in multiple products
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). 		6.5
6.5
2020-04-23 CVE-2020-1760 Cross-site Scripting vulnerability in multiple products
A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. 		6.1
6.1
2020-04-21 CVE-2020-1699 Path Traversal vulnerability in multiple products
A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0.
network
low complexity
linuxfoundation redhat CWE-22
7.5
7.5
2020-04-13 CVE-2020-1759 A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session.
network
high complexity
redhat linuxfoundation fedoraproject
6.8
6.8