Ceph

DATE	CVE	VULNERABILITY TITLE	RISK
2023-01-17	CVE-2022-3650	Unspecified vulnerability in Redhat Ceph 16.2.9 A privilege escalation flaw was found in Ceph. local low complexity redhat	7.8
2021-05-26	CVE-2020-27839	Insufficiently Protected Credentials vulnerability in Redhat Ceph A flaw was found in ceph-dashboard. network redhat CWE-522	3.5
2021-05-18	CVE-2021-3531	Reachable Assertion vulnerability in multiple products A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. network low complexity redhat fedoraproject CWE-617	5.3
2021-05-17	CVE-2021-3524	Injection vulnerability in multiple products A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. network low complexity redhat fedoraproject debian CWE-74	6.5
2021-01-08	CVE-2020-25678	Cleartext Storage of Sensitive Information vulnerability in multiple products A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. local low complexity redhat fedoraproject CWE-312	4.4
2020-12-18	CVE-2020-27781	Insufficiently Protected Credentials vulnerability in multiple products User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. local low complexity redhat fedoraproject CWE-522	7.1
2020-11-23	CVE-2020-25660	Authentication Bypass by Capture-replay vulnerability in multiple products A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. low complexity redhat fedoraproject CWE-294	8.8
2019-01-28	CVE-2018-16889	Information Exposure Through Log Files vulnerability in Redhat Ceph Ceph does not properly sanitize encryption keys in debug logging for v4 auth. network low complexity redhat CWE-532	7.5
2019-01-15	CVE-2018-14662	Improper Authorization vulnerability in multiple products It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption. low complexity redhat debian opensuse canonical CWE-285	2.7
2019-01-15	CVE-2018-16846	Allocation of Resources Without Limits or Throttling vulnerability in multiple products It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices. network low complexity redhat debian opensuse canonical CWE-770	4.0