Vulnerabilities > Redhat > Ceph Storage > 4.0

DATE	CVE	VULNERABILITY TITLE	RISK
2020-12-18	CVE-2020-27781	Insufficiently Protected Credentials vulnerability in multiple products User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. local low complexity redhat fedoraproject CWE-522	7.1
2020-12-08	CVE-2020-25677	A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. local low complexity ceph redhat	5.5
2020-11-23	CVE-2020-25660	A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. low complexity redhat fedoraproject	8.8
2020-06-26	CVE-2020-10753	Injection vulnerability in multiple products A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). network low complexity redhat fedoraproject opensuse linuxfoundation canonical CWE-74	6.5
2020-04-29	CVE-2020-12458	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products An information-disclosure flaw was found in Grafana through 6.7.3. local low complexity grafana redhat fedoraproject CWE-732	5.5
2020-04-23	CVE-2020-1760	Cross-site Scripting vulnerability in multiple products A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. network low complexity linuxfoundation redhat fedoraproject canonical debian CWE-79	6.1
2020-04-21	CVE-2020-1699	Path Traversal vulnerability in multiple products A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. network low complexity linuxfoundation redhat CWE-22	7.5
2020-04-13	CVE-2020-1759	A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. network high complexity redhat linuxfoundation fedoraproject	6.8
2020-03-31	CVE-2020-1712	Use After Free vulnerability in multiple products A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. local low complexity systemd-project redhat debian CWE-416	7.8