Vulnerabilities > Redhat > Ceph Storage > High

DATE CVE VULNERABILITY TITLE RISK
2018-07-10 CVE-2018-1128 Improper Authentication vulnerability in multiple products
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack.
high complexity
redhat debian opensuse CWE-287
7.5
2018-07-10 CVE-2018-10861 Improper Authentication vulnerability in multiple products
A flaw was found in the way ceph mon handles user requests.
network
low complexity
ceph redhat opensuse debian CWE-287
8.1
2016-10-03 CVE-2016-7031 7PK - Security Features vulnerability in multiple products
The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL.
network
low complexity
redhat ceph-project CWE-254
7.5