Skip to main content

Ceph Storage

34 CVEs product

Monthly

CVE-2025-13601 HIGH POC PATCH CISA This Week

Heap-based buffer overflow in GLib's g_escape_uri_string() function allows local attackers to achieve high-integrity and high-availability impacts through integer overflow in escaped string length calculation. The vulnerability affects Red Hat Enterprise Linux 9.0 and 10.0 across multiple architectures (x86_64, ARM64, IBM Z, PowerPC). Vendor patches are available via multiple RHSA advisories. Publicly available exploit code exists, but EPSS score remains extremely low (0.01%, 1st percentile), suggesting minimal real-world exploitation activity despite the availability of technical details.

Buffer Overflow Integer Overflow Codeready Linux Builder Codeready Linux Builder For Ibm Z Systems Codeready Linux Builder For Power Little Endian +26
NVD VulDB
CVSS 3.1
7.7
EPSS
0.0%
CVE-2023-48795 LIB MEDIUM POC PATCH THREAT This Month

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 53.6%.

Authentication Bypass Apache Node.js SSH Java +66
NVD GitHub
CVSS 3.1
5.9
EPSS
53.6%
Threat
4.3
CVE-2023-0056 MEDIUM This Month

An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Haproxy Ceph Storage Software Collections Openshift Container Platform +5
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2022-0670 CRITICAL Act Now

A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ceph Ceph Storage Fedora
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2022-26148 CRITICAL POC THREAT Act Now

An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zabbix PHP Grafana Information Disclosure Ceph Storage +1
NVD
CVSS 3.1
9.8
EPSS
53.4%
CVE-2021-4048 CRITICAL PATCH Act Now

An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Lapack Openblas Julia +5
NVD GitHub
CVSS 3.1
9.1
EPSS
2.6%
CVE-2021-20236 CRITICAL PATCH Act Now

A flaw was found in the ZeroMQ server in versions before 4.3.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Zeromq Ceph Storage Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-3509 MEDIUM POC PATCH This Month

A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Red Hat XSS Ceph Storage
NVD GitHub
CVSS 3.1
6.1
EPSS
1.7%
CVE-2021-3531 MEDIUM PATCH This Month

A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Red Hat Ceph Ceph Storage Fedora
NVD
CVSS 3.1
5.3
EPSS
2.4%
CVE-2021-3524 MEDIUM PATCH This Month

A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Red Hat Code Injection Ceph Ceph Storage Fedora +1
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2021-20288 HIGH PATCH This Week

An authentication flaw was found in ceph in versions before 14.2.20. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Ceph Ceph Storage Fedora Debian Linux
NVD
CVSS 3.1
7.2
EPSS
2.1%
CVE-2020-27781 HIGH This Week

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ceph Ceph Storage Openshift Container Platform Openstack Platform +1
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2020-25677 MEDIUM PATCH This Month

A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Ceph Ansible Ceph Storage
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-25660 HIGH This Week

A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ceph Ceph Storage Openshift Container Platform Fedora
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-25626 PyPI MEDIUM PATCH This Month

A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Python Django Rest Framework Ceph Storage Debian Linux
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2020-14365 PyPI HIGH PATCH This Week

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

RCE Jwt Attack Ansible Engine Ansible Tower Ceph Storage +2
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2020-10753 MEDIUM PATCH This Month

A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Red Hat Ceph Storage Openstack Fedora +3
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-10685 PyPI MEDIUM PATCH This Month

A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Hashicorp Information Disclosure Ansible Engine Ansible Tower Ceph Storage +3
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-12458 Go MEDIUM POC PATCH This Month

An information-disclosure flaw was found in Grafana through 6.7.3. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Grafana Information Disclosure Ceph Storage Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-1760 MEDIUM PATCH This Month

A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ceph Ceph Storage Openshift Container Platform Fedora +2
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2020-1699 HIGH This Week

A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Ceph Ceph Storage
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-1759 MEDIUM PATCH This Month

A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Red Hat Ceph Storage Openshift Openstack +2
NVD
CVSS 3.1
6.8
EPSS
1.6%
CVE-2020-1712 HIGH PATCH This Week

A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Memory Corruption Systemd Ceph Storage +5
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-19337 MEDIUM This Month

A flaw was found in Red Hat Ceph Storage version 3 in the way the Ceph RADOS Gateway daemon handles S3 requests. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Red Hat Ceph Storage
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-10222 HIGH PATCH This Week

A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Ceph Ceph Storage Fedora
NVD
CVSS 3.1
7.5
EPSS
4.6%
CVE-2018-19039 MEDIUM PATCH This Month

Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Grafana Information Disclosure Ceph Storage Enterprise Linux Desktop Enterprise Linux Server +3
NVD
CVSS 3.0
6.5
EPSS
7.3%
CVE-2018-14649 CRITICAL POC PATCH THREAT Act Now

It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Red Hat Python Command Injection Enterprise Linux Desktop Enterprise Linux Server +3
NVD GitHub
CVSS 3.0
9.8
EPSS
11.7%
CVE-2018-15727 Go CRITICAL POC PATCH THREAT Act Now

Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Grafana Authentication Bypass Ceph Storage
NVD GitHub
CVSS 3.0
9.8
EPSS
64.3%
CVE-2018-10875 PyPI HIGH PATCH This Week

A flaw was found in ansible. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Ansible Engine Ceph Storage Gluster Storage Openshift +6
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2018-1129 MEDIUM PATCH This Month

A flaw was found in the way signature calculation was handled by cephx authentication protocol. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Ceph Storage Ceph Storage Mon Ceph Storage Osd Enterprise Linux +6
NVD GitHub
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-1128 HIGH PATCH This Week

It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.

Information Disclosure Ceph Storage Ceph Storage Mon Ceph Storage Osd Enterprise Linux +6
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-10861 HIGH PATCH This Week

A flaw was found in the way ceph mon handles user requests. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Ceph Ceph Storage Ceph Storage Mon Ceph Storage Osd +5
NVD GitHub
CVSS 3.0
8.1
EPSS
3.2%
CVE-2018-1059 MEDIUM This Month

The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Ubuntu Linux Ceph Storage Enterprise Linux Fast Datapath Openshift +5
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2016-7031 HIGH POC PATCH This Week

The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Ceph Ceph Storage
NVD GitHub
CVSS 3.0
7.5
EPSS
0.7%
EPSS 0% CVSS 7.7
HIGH POC PATCH This Week

Heap-based buffer overflow in GLib's g_escape_uri_string() function allows local attackers to achieve high-integrity and high-availability impacts through integer overflow in escaped string length calculation. The vulnerability affects Red Hat Enterprise Linux 9.0 and 10.0 across multiple architectures (x86_64, ARM64, IBM Z, PowerPC). Vendor patches are available via multiple RHSA advisories. Publicly available exploit code exists, but EPSS score remains extremely low (0.01%, 1st percentile), suggesting minimal real-world exploitation activity despite the availability of technical details.

Buffer Overflow Integer Overflow Codeready Linux Builder +28
NVD VulDB
EPSS 54% 4.3 CVSS 5.9
MEDIUM POC PATCH THREAT This Month

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 53.6%.

Authentication Bypass Apache Node.js +68
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM This Month

An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Haproxy Ceph Storage +7
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ceph Ceph Storage +1
NVD
EPSS 53% CVSS 9.8
CRITICAL POC THREAT Act Now

An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zabbix PHP Grafana +3
NVD
EPSS 3% CVSS 9.1
CRITICAL PATCH Act Now

An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Lapack +7
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

A flaw was found in the ZeroMQ server in versions before 4.3.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Zeromq Ceph Storage +2
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM POC PATCH This Month

A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Red Hat XSS Ceph Storage
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Red Hat Ceph +2
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Red Hat Code Injection Ceph +3
NVD
EPSS 2% CVSS 7.2
HIGH PATCH This Week

An authentication flaw was found in ceph in versions before 14.2.20. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Ceph Ceph Storage +2
NVD
EPSS 0% CVSS 7.1
HIGH This Week

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ceph Ceph Storage +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Ceph Ansible Ceph Storage
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ceph Ceph Storage +2
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Python Django Rest Framework +2
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

RCE Jwt Attack Ansible Engine +4
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Red Hat Ceph Storage +5
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Hashicorp Information Disclosure Ansible Engine +5
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

An information-disclosure flaw was found in Grafana through 6.7.3. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Grafana Information Disclosure Ceph Storage +2
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ceph Ceph Storage +4
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Ceph +1
NVD
EPSS 2% CVSS 6.8
MEDIUM PATCH This Month

A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Red Hat Ceph Storage +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Memory Corruption +7
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

A flaw was found in Red Hat Ceph Storage version 3 in the way the Ceph RADOS Gateway daemon handles S3 requests. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Red Hat Ceph Storage
NVD
EPSS 5% CVSS 7.5
HIGH PATCH This Week

A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Ceph Ceph Storage +1
NVD
EPSS 7% CVSS 6.5
MEDIUM PATCH This Month

Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Grafana Information Disclosure Ceph Storage +5
NVD
EPSS 12% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Red Hat Python Command Injection +5
NVD GitHub
EPSS 64% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Grafana Authentication Bypass Ceph Storage
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A flaw was found in ansible. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Ansible Engine Ceph Storage +8
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in the way signature calculation was handled by cephx authentication protocol. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Ceph Storage Ceph Storage Mon +8
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.

Information Disclosure Ceph Storage Ceph Storage Mon +8
NVD GitHub
EPSS 3% CVSS 8.1
HIGH PATCH This Week

A flaw was found in the way ceph mon handles user requests. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Ceph Ceph Storage +7
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Ubuntu Linux Ceph Storage +7
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Ceph Ceph Storage
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy