Ceph Storage

DATE	CVE	VULNERABILITY TITLE	RISK
2019-01-15	CVE-2018-14662	Improper Authorization vulnerability in multiple products It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption. low complexity redhat debian opensuse canonical CWE-285	2.7
2019-01-15	CVE-2018-16846	Allocation of Resources Without Limits or Throttling vulnerability in multiple products It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices. network low complexity redhat debian opensuse canonical CWE-770	4.0
2018-12-13	CVE-2018-19039	Information Exposure vulnerability in multiple products Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions. network low complexity grafana redhat netapp CWE-200	4.0
2018-10-09	CVE-2018-14649	Command Injection vulnerability in Redhat products It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. network low complexity redhat CWE-77 critical	9.8
2018-08-29	CVE-2018-15727	Improper Authentication vulnerability in multiple products Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user. network low complexity grafana redhat CWE-287	7.5
2018-08-01	CVE-2016-9579	Improper Input Validation vulnerability in Redhat products A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. network low complexity redhat CWE-20	7.5
2018-07-13	CVE-2018-10875	Untrusted Search Path vulnerability in multiple products A flaw was found in ansible. local low complexity redhat debian suse canonical CWE-426	4.6
2018-07-10	CVE-2018-1129	Improper Authentication vulnerability in multiple products A flaw was found in the way signature calculation was handled by cephx authentication protocol. low complexity redhat ceph debian opensuse CWE-287	3.3
2018-07-10	CVE-2018-1128	Improper Authentication vulnerability in multiple products It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. redhat debian opensuse CWE-287	5.4
2018-07-10	CVE-2018-10861	Improper Authentication vulnerability in multiple products A flaw was found in the way ceph mon handles user requests. network low complexity ceph redhat opensuse debian CWE-287	5.5