Vulnerabilities > Redhat > Ceph Storage > 3.0

DATE	CVE	VULNERABILITY TITLE	RISK
2023-03-06	CVE-2022-3854	Unspecified vulnerability in Redhat Ceph Storage 3.0/4.0/5.0 A flaw was found in Ceph, relating to the URL processing on RGW backends. network low complexity redhat	6.5
2022-08-25	CVE-2021-3979	Improper Authentication vulnerability in multiple products A key length flaw was found in Red Hat Ceph Storage. network low complexity redhat fedoraproject CWE-287	6.5
2022-07-25	CVE-2022-0670	A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. network low complexity linuxfoundation redhat fedoraproject critical	9.1
2022-03-21	CVE-2022-26148	Cleartext Storage of Sensitive Information vulnerability in multiple products An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. network low complexity grafana redhat CWE-312 critical	9.8
2021-12-08	CVE-2021-4048	An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. network low complexity lapack-project openblas-project julialang redhat fedoraproject critical	9.1
2020-12-18	CVE-2020-27781	Insufficiently Protected Credentials vulnerability in multiple products User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. local low complexity redhat fedoraproject CWE-522	7.1
2020-12-08	CVE-2020-25677	A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. local low complexity ceph redhat	5.5
2020-09-23	CVE-2020-14365	A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. local low complexity redhat debian	7.1
2020-06-26	CVE-2020-10753	Injection vulnerability in multiple products A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). network low complexity redhat fedoraproject opensuse linuxfoundation canonical CWE-74	6.5
2020-05-11	CVE-2020-10685	Incomplete Cleanup vulnerability in multiple products A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. local low complexity redhat debian CWE-459	5.5