Search criteria
19 vulnerabilities found for Ceph by Ceph
CERTFR-2026-AVI-0078
Vulnerability from certfr_avis - Published: 2026-01-22 - Updated: 2026-01-22
Une vulnérabilité a été découverte dans Ceph. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ceph versions 19.x ant\u00e9rieures \u00e0 19.2.4",
"product": {
"name": "Ceph",
"vendor": {
"name": "Ceph",
"scada": false
}
}
},
{
"description": "Ceph versions 20.x ant\u00e9rieures \u00e0 20.2.1",
"product": {
"name": "Ceph",
"vendor": {
"name": "Ceph",
"scada": false
}
}
},
{
"description": "Ceph versions ant\u00e9rieures \u00e0 18.2.9",
"product": {
"name": "Ceph",
"vendor": {
"name": "Ceph",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-31884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31884"
}
],
"initial_release_date": "2026-01-22T00:00:00",
"last_revision_date": "2026-01-22T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0078",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Ceph. Elle permet \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Vuln\u00e9rabilit\u00e9 dans Ceph",
"vendor_advisories": [
{
"published_at": "2026-01-21",
"title": "Bulletin de s\u00e9curit\u00e9 Ceph GHSA-xj9f-7g59-m4jx",
"url": "https://github.com/ceph/ceph/security/advisories/GHSA-xj9f-7g59-m4jx"
}
]
}
CVE-2024-47866 (GCVE-0-2024-47866)
Vulnerability from nvd – Published: 2025-11-12 18:28 – Updated: 2025-12-11 15:35
VLAI?
Title
RGW DoS attack with empty HTTP header in S3 object copy
Summary
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument `x-amz-copy-source` to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no known patched versions exist.
Severity ?
7.5 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-12T19:03:51.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/11/11/3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47866",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-11T15:29:41.208745Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T15:35:30.968Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/ceph/ceph/security/advisories/GHSA-mgrm-g92q-f8h8"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ceph",
"vendor": "ceph",
"versions": [
{
"status": "affected",
"version": "\u003c= 19.2.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument `x-amz-copy-source` to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no known patched versions exist."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T18:28:18.545Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ceph/ceph/security/advisories/GHSA-mgrm-g92q-f8h8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ceph/ceph/security/advisories/GHSA-mgrm-g92q-f8h8"
}
],
"source": {
"advisory": "GHSA-mgrm-g92q-f8h8",
"discovery": "UNKNOWN"
},
"title": "RGW DoS attack with empty HTTP header in S3 object copy"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47866",
"datePublished": "2025-11-12T18:28:18.545Z",
"dateReserved": "2024-10-04T16:00:09.628Z",
"dateUpdated": "2025-12-11T15:35:30.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-48916 (GCVE-0-2024-48916)
Vulnerability from nvd – Published: 2025-07-30 19:45 – Updated: 2025-07-30 19:54
VLAI?
Title
Ceph is vulnerable to authentication bypass through RadosGW
Summary
Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send an JWT that has "none" as JWT alg. And by doing so the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As of time of publication, a known patched version has yet to be published.
Severity ?
8.1 (High)
CWE
- CWE-345 - Insufficient Verification of Data Authenticity
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-48916",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-30T19:54:31.667804Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T19:54:42.022Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ceph",
"vendor": "ceph",
"versions": [
{
"status": "affected",
"version": "\u003c= 19.2.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send an JWT that has \"none\" as JWT alg. And by doing so the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As of time of publication, a known patched version has yet to be published."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345: Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T19:45:00.454Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ceph/ceph/security/advisories/GHSA-5g9m-mmp6-93mq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ceph/ceph/security/advisories/GHSA-5g9m-mmp6-93mq"
}
],
"source": {
"advisory": "GHSA-5g9m-mmp6-93mq",
"discovery": "UNKNOWN"
},
"title": "Ceph is vulnerable to authentication bypass through RadosGW"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-48916",
"datePublished": "2025-07-30T19:45:00.454Z",
"dateReserved": "2024-10-09T22:06:46.172Z",
"dateUpdated": "2025-07-30T19:54:42.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-52555 (GCVE-0-2025-52555)
Vulnerability from nvd – Published: 2025-06-26 20:21 – Updated: 2025-11-03 18:13
VLAI?
Title
CephFS Permission Escalation Vulnerability in Ceph Fuse mounted FS
Summary
Ceph is a distributed object, block, and file storage platform. In versions 17.2.7, 18.2.1 through 18.2.4, and 19.0.0 through 19.2.2, an unprivileged user can escalate to root privileges in a ceph-fuse mounted CephFS by chmod 777 a directory owned by root to gain access. The result of this is that a user could read, write and execute to any directory owned by root as long as they chmod 777 it. This impacts confidentiality, integrity, and availability. It is patched in versions 17.2.8, 18.2.5, and 19.2.3.
Severity ?
6.5 (Medium)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52555",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-26T20:40:04.617328Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-26T20:40:18.751Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:13:06.474Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00025.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ceph",
"vendor": "ceph",
"versions": [
{
"status": "affected",
"version": "= 17.2.7"
},
{
"status": "affected",
"version": "\u003e= 18.2.1, \u003c 18.2.5"
},
{
"status": "affected",
"version": "\u003e= 19.0.0, \u003c 19.2.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ceph is a distributed object, block, and file storage platform. In versions 17.2.7, 18.2.1 through 18.2.4, and 19.0.0 through 19.2.2, an unprivileged user can escalate to root privileges in a ceph-fuse mounted CephFS by chmod 777 a directory owned by root to gain access. The result of this is that a user could read, write and execute to any directory owned by root as long as they chmod 777 it. This impacts confidentiality, integrity, and availability. It is patched in versions 17.2.8, 18.2.5, and 19.2.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-26T20:21:05.594Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ceph/ceph/security/advisories/GHSA-89hm-qq33-2fjm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ceph/ceph/security/advisories/GHSA-89hm-qq33-2fjm"
},
{
"name": "https://github.com/ceph/ceph/pull/60314",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ceph/ceph/pull/60314"
}
],
"source": {
"advisory": "GHSA-89hm-qq33-2fjm",
"discovery": "UNKNOWN"
},
"title": "CephFS Permission Escalation Vulnerability in Ceph Fuse mounted FS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-52555",
"datePublished": "2025-06-26T20:21:05.594Z",
"dateReserved": "2025-06-18T03:55:52.034Z",
"dateUpdated": "2025-11-03T18:13:06.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-1700 (GCVE-0-2020-1700)
Vulnerability from nvd – Published: 2020-02-07 00:00 – Updated: 2024-08-04 06:46
VLAI?
Summary
A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by pile up of CLOSE_WAIT sockets, eventually leading to the exhaustion of available resources, preventing legitimate users from connecting to the system.
Severity ?
6.5 (Medium)
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:30.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1700"
},
{
"name": "openSUSE-SU-2020:0187",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00009.html"
},
{
"name": "USN-4304-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4304-1/"
},
{
"name": "[debian-lts-announce] 20231023 [SECURITY] [DLA 3629-1] ceph security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ceph",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "14.2.4-125.el8cp"
},
{
"status": "affected",
"version": "14.2.4-51.el7cp"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by pile up of CLOSE_WAIT sockets, eventually leading to the exhaustion of available resources, preventing legitimate users from connecting to the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-23T18:06:21.214972",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1700"
},
{
"name": "openSUSE-SU-2020:0187",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00009.html"
},
{
"name": "USN-4304-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4304-1/"
},
{
"name": "[debian-lts-announce] 20231023 [SECURITY] [DLA 3629-1] ceph security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-1700",
"datePublished": "2020-02-07T00:00:00",
"dateReserved": "2019-11-27T00:00:00",
"dateUpdated": "2024-08-04T06:46:30.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10222 (GCVE-0-2019-10222)
Vulnerability from nvd – Published: 2019-11-08 14:45 – Updated: 2025-02-13 16:27
VLAI?
Summary
A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients.
Severity ?
7.5 (High)
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Ceph Project | ceph |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:17:19.861Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tracker.ceph.com/issues/40018"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10222"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ceph",
"vendor": "The Ceph Project",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-23T18:06:30.458Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tracker.ceph.com/issues/40018"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10222"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10222",
"datePublished": "2019-11-08T14:45:41.000Z",
"dateReserved": "2019-03-27T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:27:22.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7519 (GCVE-0-2017-7519)
Vulnerability from nvd – Published: 2018-07-27 14:00 – Updated: 2024-08-05 16:04
VLAI?
Summary
In Ceph, a format string flaw was found in the way libradosstriper parses input from user. A user could crash an application or service using the libradosstriper library.
Severity ?
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99075",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99075"
},
{
"name": "DSA-4339",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4339"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7519"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ceph",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Ceph, a format string flaw was found in the way libradosstriper parses input from user. A user could crash an application or service using the libradosstriper library."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-134",
"description": "CWE-134",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-14T10:57:02",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "99075",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99075"
},
{
"name": "DSA-4339",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4339"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7519"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-7519",
"datePublished": "2018-07-27T14:00:00",
"dateReserved": "2017-04-05T00:00:00",
"dateUpdated": "2024-08-05T16:04:11.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1129 (GCVE-0-2018-1129)
Vulnerability from nvd – Published: 2018-07-10 14:00 – Updated: 2024-09-17 01:45
VLAI?
Summary
A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Red Hat, Inc. | ceph |
Affected:
all versions in branches master, mimic, luminous and jewel
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.711Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:2261",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2261"
},
{
"name": "RHSA-2018:2177",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2177"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576057"
},
{
"name": "RHSA-2018:2179",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2179"
},
{
"name": "RHSA-2018:2274",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2274"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tracker.ceph.com/issues/24837"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587"
},
{
"name": "DSA-4339",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4339"
},
{
"name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
},
{
"name": "openSUSE-SU-2019:1284",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ceph",
"vendor": "Red Hat, Inc.",
"versions": [
{
"status": "affected",
"version": "all versions in branches master, mimic, luminous and jewel"
}
]
}
],
"datePublic": "2018-07-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-29T02:06:08",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2018:2261",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2261"
},
{
"name": "RHSA-2018:2177",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2177"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576057"
},
{
"name": "RHSA-2018:2179",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2179"
},
{
"name": "RHSA-2018:2274",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2274"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tracker.ceph.com/issues/24837"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587"
},
{
"name": "DSA-4339",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4339"
},
{
"name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
},
{
"name": "openSUSE-SU-2019:1284",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2018-07-09T00:00:00",
"ID": "CVE-2018-1129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ceph",
"version": {
"version_data": [
{
"version_value": "all versions in branches master, mimic, luminous and jewel"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:2261",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2261"
},
{
"name": "RHSA-2018:2177",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2177"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1576057",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576057"
},
{
"name": "RHSA-2018:2179",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2179"
},
{
"name": "RHSA-2018:2274",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2274"
},
{
"name": "http://tracker.ceph.com/issues/24837",
"refsource": "CONFIRM",
"url": "http://tracker.ceph.com/issues/24837"
},
{
"name": "https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587",
"refsource": "CONFIRM",
"url": "https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587"
},
{
"name": "DSA-4339",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4339"
},
{
"name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
},
{
"name": "openSUSE-SU-2019:1284",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html"
},
{
"name": "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-1129",
"datePublished": "2018-07-10T14:00:00Z",
"dateReserved": "2017-12-04T00:00:00",
"dateUpdated": "2024-09-17T01:45:51.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10861 (GCVE-0-2018-10861)
Vulnerability from nvd – Published: 2018-07-10 14:00 – Updated: 2024-09-16 16:28
VLAI?
Summary
A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Red Hat, Inc. | ceph |
Affected:
all versions in branches master, mimic, luminous and jewel
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:47.425Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:2261",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2261"
},
{
"name": "RHSA-2018:2177",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2177"
},
{
"name": "RHSA-2018:2179",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2179"
},
{
"name": "RHSA-2018:2274",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2274"
},
{
"name": "104742",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104742"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593308"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc"
},
{
"name": "DSA-4339",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4339"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tracker.ceph.com/issues/24838"
},
{
"name": "openSUSE-SU-2019:1284",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ceph",
"vendor": "Red Hat, Inc.",
"versions": [
{
"status": "affected",
"version": "all versions in branches master, mimic, luminous and jewel"
}
]
}
],
"datePublic": "2018-07-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-27T23:06:03",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2018:2261",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2261"
},
{
"name": "RHSA-2018:2177",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2177"
},
{
"name": "RHSA-2018:2179",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2179"
},
{
"name": "RHSA-2018:2274",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2274"
},
{
"name": "104742",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104742"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593308"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc"
},
{
"name": "DSA-4339",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4339"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tracker.ceph.com/issues/24838"
},
{
"name": "openSUSE-SU-2019:1284",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2018-07-09T00:00:00",
"ID": "CVE-2018-10861",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ceph",
"version": {
"version_data": [
{
"version_value": "all versions in branches master, mimic, luminous and jewel"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:2261",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2261"
},
{
"name": "RHSA-2018:2177",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2177"
},
{
"name": "RHSA-2018:2179",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2179"
},
{
"name": "RHSA-2018:2274",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2274"
},
{
"name": "104742",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104742"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1593308",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593308"
},
{
"name": "https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc",
"refsource": "CONFIRM",
"url": "https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc"
},
{
"name": "DSA-4339",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4339"
},
{
"name": "http://tracker.ceph.com/issues/24838",
"refsource": "CONFIRM",
"url": "http://tracker.ceph.com/issues/24838"
},
{
"name": "openSUSE-SU-2019:1284",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-10861",
"datePublished": "2018-07-10T14:00:00Z",
"dateReserved": "2018-05-09T00:00:00",
"dateUpdated": "2024-09-16T16:28:46.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12155 (GCVE-0-2017-12155)
Vulnerability from nvd – Published: 2017-12-12 20:00 – Updated: 2024-09-16 17:22
VLAI?
Summary
A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume.
Severity ?
No CVSS data available.
CWE
- Incorrect Permission Assignment for Critical Resource
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenStack | openstack-tripleo-heat-templates |
Affected:
Newton, Ocata, Pike and possibly older
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:28:16.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:1593",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1593"
},
{
"name": "RHSA-2018:1627",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1627"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489360"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/tripleo/+bug/1720787"
},
{
"name": "RHSA-2018:0602",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0602"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openstack-tripleo-heat-templates",
"vendor": "OpenStack",
"versions": [
{
"status": "affected",
"version": "Newton, Ocata, Pike and possibly older"
}
]
}
],
"datePublic": "2017-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-19T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2018:1593",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1593"
},
{
"name": "RHSA-2018:1627",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1627"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489360"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/tripleo/+bug/1720787"
},
{
"name": "RHSA-2018:0602",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0602"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-09-20T00:00:00",
"ID": "CVE-2017-12155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openstack-tripleo-heat-templates",
"version": {
"version_data": [
{
"version_value": "Newton, Ocata, Pike and possibly older"
}
]
}
}
]
},
"vendor_name": "OpenStack"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Permission Assignment for Critical Resource"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:1593",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1593"
},
{
"name": "RHSA-2018:1627",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1627"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1489360",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489360"
},
{
"name": "https://bugs.launchpad.net/tripleo/+bug/1720787",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/tripleo/+bug/1720787"
},
{
"name": "RHSA-2018:0602",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0602"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-12155",
"datePublished": "2017-12-12T20:00:00Z",
"dateReserved": "2017-08-01T00:00:00",
"dateUpdated": "2024-09-16T17:22:48.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47866 (GCVE-0-2024-47866)
Vulnerability from cvelistv5 – Published: 2025-11-12 18:28 – Updated: 2025-12-11 15:35
VLAI?
Title
RGW DoS attack with empty HTTP header in S3 object copy
Summary
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument `x-amz-copy-source` to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no known patched versions exist.
Severity ?
7.5 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-12T19:03:51.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/11/11/3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47866",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-11T15:29:41.208745Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T15:35:30.968Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/ceph/ceph/security/advisories/GHSA-mgrm-g92q-f8h8"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ceph",
"vendor": "ceph",
"versions": [
{
"status": "affected",
"version": "\u003c= 19.2.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument `x-amz-copy-source` to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no known patched versions exist."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T18:28:18.545Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ceph/ceph/security/advisories/GHSA-mgrm-g92q-f8h8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ceph/ceph/security/advisories/GHSA-mgrm-g92q-f8h8"
}
],
"source": {
"advisory": "GHSA-mgrm-g92q-f8h8",
"discovery": "UNKNOWN"
},
"title": "RGW DoS attack with empty HTTP header in S3 object copy"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47866",
"datePublished": "2025-11-12T18:28:18.545Z",
"dateReserved": "2024-10-04T16:00:09.628Z",
"dateUpdated": "2025-12-11T15:35:30.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-48916 (GCVE-0-2024-48916)
Vulnerability from cvelistv5 – Published: 2025-07-30 19:45 – Updated: 2025-07-30 19:54
VLAI?
Title
Ceph is vulnerable to authentication bypass through RadosGW
Summary
Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send an JWT that has "none" as JWT alg. And by doing so the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As of time of publication, a known patched version has yet to be published.
Severity ?
8.1 (High)
CWE
- CWE-345 - Insufficient Verification of Data Authenticity
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-48916",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-30T19:54:31.667804Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T19:54:42.022Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ceph",
"vendor": "ceph",
"versions": [
{
"status": "affected",
"version": "\u003c= 19.2.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send an JWT that has \"none\" as JWT alg. And by doing so the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As of time of publication, a known patched version has yet to be published."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345: Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T19:45:00.454Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ceph/ceph/security/advisories/GHSA-5g9m-mmp6-93mq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ceph/ceph/security/advisories/GHSA-5g9m-mmp6-93mq"
}
],
"source": {
"advisory": "GHSA-5g9m-mmp6-93mq",
"discovery": "UNKNOWN"
},
"title": "Ceph is vulnerable to authentication bypass through RadosGW"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-48916",
"datePublished": "2025-07-30T19:45:00.454Z",
"dateReserved": "2024-10-09T22:06:46.172Z",
"dateUpdated": "2025-07-30T19:54:42.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-52555 (GCVE-0-2025-52555)
Vulnerability from cvelistv5 – Published: 2025-06-26 20:21 – Updated: 2025-11-03 18:13
VLAI?
Title
CephFS Permission Escalation Vulnerability in Ceph Fuse mounted FS
Summary
Ceph is a distributed object, block, and file storage platform. In versions 17.2.7, 18.2.1 through 18.2.4, and 19.0.0 through 19.2.2, an unprivileged user can escalate to root privileges in a ceph-fuse mounted CephFS by chmod 777 a directory owned by root to gain access. The result of this is that a user could read, write and execute to any directory owned by root as long as they chmod 777 it. This impacts confidentiality, integrity, and availability. It is patched in versions 17.2.8, 18.2.5, and 19.2.3.
Severity ?
6.5 (Medium)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52555",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-26T20:40:04.617328Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-26T20:40:18.751Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:13:06.474Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00025.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ceph",
"vendor": "ceph",
"versions": [
{
"status": "affected",
"version": "= 17.2.7"
},
{
"status": "affected",
"version": "\u003e= 18.2.1, \u003c 18.2.5"
},
{
"status": "affected",
"version": "\u003e= 19.0.0, \u003c 19.2.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ceph is a distributed object, block, and file storage platform. In versions 17.2.7, 18.2.1 through 18.2.4, and 19.0.0 through 19.2.2, an unprivileged user can escalate to root privileges in a ceph-fuse mounted CephFS by chmod 777 a directory owned by root to gain access. The result of this is that a user could read, write and execute to any directory owned by root as long as they chmod 777 it. This impacts confidentiality, integrity, and availability. It is patched in versions 17.2.8, 18.2.5, and 19.2.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-26T20:21:05.594Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ceph/ceph/security/advisories/GHSA-89hm-qq33-2fjm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ceph/ceph/security/advisories/GHSA-89hm-qq33-2fjm"
},
{
"name": "https://github.com/ceph/ceph/pull/60314",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ceph/ceph/pull/60314"
}
],
"source": {
"advisory": "GHSA-89hm-qq33-2fjm",
"discovery": "UNKNOWN"
},
"title": "CephFS Permission Escalation Vulnerability in Ceph Fuse mounted FS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-52555",
"datePublished": "2025-06-26T20:21:05.594Z",
"dateReserved": "2025-06-18T03:55:52.034Z",
"dateUpdated": "2025-11-03T18:13:06.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-1700 (GCVE-0-2020-1700)
Vulnerability from cvelistv5 – Published: 2020-02-07 00:00 – Updated: 2024-08-04 06:46
VLAI?
Summary
A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by pile up of CLOSE_WAIT sockets, eventually leading to the exhaustion of available resources, preventing legitimate users from connecting to the system.
Severity ?
6.5 (Medium)
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:30.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1700"
},
{
"name": "openSUSE-SU-2020:0187",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00009.html"
},
{
"name": "USN-4304-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4304-1/"
},
{
"name": "[debian-lts-announce] 20231023 [SECURITY] [DLA 3629-1] ceph security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ceph",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "14.2.4-125.el8cp"
},
{
"status": "affected",
"version": "14.2.4-51.el7cp"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by pile up of CLOSE_WAIT sockets, eventually leading to the exhaustion of available resources, preventing legitimate users from connecting to the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-23T18:06:21.214972",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1700"
},
{
"name": "openSUSE-SU-2020:0187",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00009.html"
},
{
"name": "USN-4304-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4304-1/"
},
{
"name": "[debian-lts-announce] 20231023 [SECURITY] [DLA 3629-1] ceph security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-1700",
"datePublished": "2020-02-07T00:00:00",
"dateReserved": "2019-11-27T00:00:00",
"dateUpdated": "2024-08-04T06:46:30.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10222 (GCVE-0-2019-10222)
Vulnerability from cvelistv5 – Published: 2019-11-08 14:45 – Updated: 2025-02-13 16:27
VLAI?
Summary
A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients.
Severity ?
7.5 (High)
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Ceph Project | ceph |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:17:19.861Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tracker.ceph.com/issues/40018"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10222"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ceph",
"vendor": "The Ceph Project",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-23T18:06:30.458Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tracker.ceph.com/issues/40018"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10222"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10222",
"datePublished": "2019-11-08T14:45:41.000Z",
"dateReserved": "2019-03-27T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:27:22.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7519 (GCVE-0-2017-7519)
Vulnerability from cvelistv5 – Published: 2018-07-27 14:00 – Updated: 2024-08-05 16:04
VLAI?
Summary
In Ceph, a format string flaw was found in the way libradosstriper parses input from user. A user could crash an application or service using the libradosstriper library.
Severity ?
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99075",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99075"
},
{
"name": "DSA-4339",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4339"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7519"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ceph",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Ceph, a format string flaw was found in the way libradosstriper parses input from user. A user could crash an application or service using the libradosstriper library."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-134",
"description": "CWE-134",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-14T10:57:02",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "99075",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99075"
},
{
"name": "DSA-4339",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4339"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7519"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-7519",
"datePublished": "2018-07-27T14:00:00",
"dateReserved": "2017-04-05T00:00:00",
"dateUpdated": "2024-08-05T16:04:11.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10861 (GCVE-0-2018-10861)
Vulnerability from cvelistv5 – Published: 2018-07-10 14:00 – Updated: 2024-09-16 16:28
VLAI?
Summary
A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Red Hat, Inc. | ceph |
Affected:
all versions in branches master, mimic, luminous and jewel
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:47.425Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:2261",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2261"
},
{
"name": "RHSA-2018:2177",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2177"
},
{
"name": "RHSA-2018:2179",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2179"
},
{
"name": "RHSA-2018:2274",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2274"
},
{
"name": "104742",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104742"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593308"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc"
},
{
"name": "DSA-4339",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4339"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tracker.ceph.com/issues/24838"
},
{
"name": "openSUSE-SU-2019:1284",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ceph",
"vendor": "Red Hat, Inc.",
"versions": [
{
"status": "affected",
"version": "all versions in branches master, mimic, luminous and jewel"
}
]
}
],
"datePublic": "2018-07-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-27T23:06:03",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2018:2261",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2261"
},
{
"name": "RHSA-2018:2177",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2177"
},
{
"name": "RHSA-2018:2179",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2179"
},
{
"name": "RHSA-2018:2274",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2274"
},
{
"name": "104742",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104742"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593308"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc"
},
{
"name": "DSA-4339",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4339"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tracker.ceph.com/issues/24838"
},
{
"name": "openSUSE-SU-2019:1284",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2018-07-09T00:00:00",
"ID": "CVE-2018-10861",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ceph",
"version": {
"version_data": [
{
"version_value": "all versions in branches master, mimic, luminous and jewel"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:2261",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2261"
},
{
"name": "RHSA-2018:2177",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2177"
},
{
"name": "RHSA-2018:2179",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2179"
},
{
"name": "RHSA-2018:2274",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2274"
},
{
"name": "104742",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104742"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1593308",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593308"
},
{
"name": "https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc",
"refsource": "CONFIRM",
"url": "https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc"
},
{
"name": "DSA-4339",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4339"
},
{
"name": "http://tracker.ceph.com/issues/24838",
"refsource": "CONFIRM",
"url": "http://tracker.ceph.com/issues/24838"
},
{
"name": "openSUSE-SU-2019:1284",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-10861",
"datePublished": "2018-07-10T14:00:00Z",
"dateReserved": "2018-05-09T00:00:00",
"dateUpdated": "2024-09-16T16:28:46.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1129 (GCVE-0-2018-1129)
Vulnerability from cvelistv5 – Published: 2018-07-10 14:00 – Updated: 2024-09-17 01:45
VLAI?
Summary
A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Red Hat, Inc. | ceph |
Affected:
all versions in branches master, mimic, luminous and jewel
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.711Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:2261",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2261"
},
{
"name": "RHSA-2018:2177",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2177"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576057"
},
{
"name": "RHSA-2018:2179",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2179"
},
{
"name": "RHSA-2018:2274",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2274"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tracker.ceph.com/issues/24837"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587"
},
{
"name": "DSA-4339",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4339"
},
{
"name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
},
{
"name": "openSUSE-SU-2019:1284",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ceph",
"vendor": "Red Hat, Inc.",
"versions": [
{
"status": "affected",
"version": "all versions in branches master, mimic, luminous and jewel"
}
]
}
],
"datePublic": "2018-07-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-29T02:06:08",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2018:2261",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2261"
},
{
"name": "RHSA-2018:2177",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2177"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576057"
},
{
"name": "RHSA-2018:2179",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2179"
},
{
"name": "RHSA-2018:2274",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2274"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tracker.ceph.com/issues/24837"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587"
},
{
"name": "DSA-4339",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4339"
},
{
"name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
},
{
"name": "openSUSE-SU-2019:1284",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2018-07-09T00:00:00",
"ID": "CVE-2018-1129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ceph",
"version": {
"version_data": [
{
"version_value": "all versions in branches master, mimic, luminous and jewel"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:2261",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2261"
},
{
"name": "RHSA-2018:2177",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2177"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1576057",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576057"
},
{
"name": "RHSA-2018:2179",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2179"
},
{
"name": "RHSA-2018:2274",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2274"
},
{
"name": "http://tracker.ceph.com/issues/24837",
"refsource": "CONFIRM",
"url": "http://tracker.ceph.com/issues/24837"
},
{
"name": "https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587",
"refsource": "CONFIRM",
"url": "https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587"
},
{
"name": "DSA-4339",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4339"
},
{
"name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
},
{
"name": "openSUSE-SU-2019:1284",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html"
},
{
"name": "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-1129",
"datePublished": "2018-07-10T14:00:00Z",
"dateReserved": "2017-12-04T00:00:00",
"dateUpdated": "2024-09-17T01:45:51.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12155 (GCVE-0-2017-12155)
Vulnerability from cvelistv5 – Published: 2017-12-12 20:00 – Updated: 2024-09-16 17:22
VLAI?
Summary
A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume.
Severity ?
No CVSS data available.
CWE
- Incorrect Permission Assignment for Critical Resource
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenStack | openstack-tripleo-heat-templates |
Affected:
Newton, Ocata, Pike and possibly older
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:28:16.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:1593",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1593"
},
{
"name": "RHSA-2018:1627",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1627"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489360"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/tripleo/+bug/1720787"
},
{
"name": "RHSA-2018:0602",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0602"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openstack-tripleo-heat-templates",
"vendor": "OpenStack",
"versions": [
{
"status": "affected",
"version": "Newton, Ocata, Pike and possibly older"
}
]
}
],
"datePublic": "2017-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-19T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2018:1593",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1593"
},
{
"name": "RHSA-2018:1627",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1627"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489360"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/tripleo/+bug/1720787"
},
{
"name": "RHSA-2018:0602",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0602"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-09-20T00:00:00",
"ID": "CVE-2017-12155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openstack-tripleo-heat-templates",
"version": {
"version_data": [
{
"version_value": "Newton, Ocata, Pike and possibly older"
}
]
}
}
]
},
"vendor_name": "OpenStack"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Permission Assignment for Critical Resource"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:1593",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1593"
},
{
"name": "RHSA-2018:1627",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1627"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1489360",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489360"
},
{
"name": "https://bugs.launchpad.net/tripleo/+bug/1720787",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/tripleo/+bug/1720787"
},
{
"name": "RHSA-2018:0602",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0602"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-12155",
"datePublished": "2017-12-12T20:00:00Z",
"dateReserved": "2017-08-01T00:00:00",
"dateUpdated": "2024-09-16T17:22:48.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}