Notice
This document is for a development version of Ceph.
Past vulnerabilities
Published |
CVE |
Severity |
Summary |
2023-02-02 |
Medium |
DoS from RGW |
|
2023-01-17 |
High |
ceph-crash run as user, not root |
|
2022-07-21 |
Medium |
Native-CephFS Manila Path-restriction bypass |
|
2021-05-13 |
Medium |
Swift API denial of service |
|
2021-05-13 |
Medium |
HTTP header injects via CORS in RGW |
|
2021-05-13 |
High |
Dashboard XSS via token cookie |
|
2021-04-14 |
High |
Unauthorized global_id reuse in cephx |
|
2020-12-18 |
7.1 High |
CephFS creds read/modified by Manila users |
|
2021-01-08 |
4.9 Medium |
mgr module passwords in clear text |
|
2020-12-07 |
5.5 Medium |
ceph-ansible iscsi-gateway.conf perm |
|
2020-11-23 |
8.8 High |
Cephx replay vulnerability |
|
2020-04-22 |
7.5 High |
malformed POST could crash RGW |
|
2020-06-26 |
6.5 Medium |
HTTP header injects via CORS in RGW |
|
2020-06-22 |
8.0 High |
authorization bypass in mon and mgr |
|
2020-04-23 |
6.1 Medium |
potential RGW XSS attack |
|
2020-04-13 |
6.8 Medium |
Cephx nonce reuse in secure mode |
|
2020-02-07 |
6.5 Medium |
RGW disconnects leak sockets, can DoS |
|
2020-04-21 |
7.5 High |
Dashboard path traversal flaw |
|
2019-12-23 |
6.5 Medium |
RGW DoS via malformed headers |
|
2019-11-08 |
7.5 High |
Invalid HTTP headers could crash RGW |
|
2019-03-27 |
7.5 High |
RGW file descriptors could be exhausted |
|
2019-01-28 |
7.5 High |
encryption keys logged in plaintext |
|
2019-01-15 |
6.5 Medium |
authenticated RGW users can cause DoS |
|
2019-01-15 |
5.7 Medium |
read-only users could steal dm-crypt keys |
|
2018-07-10 |
8.1 High |
authenticated user can create/delete pools |
|
2018-03-19 |
7.5 High |
malformed headers can cause RGW DoS |
|
2018-07-10 |
6.5 Medium |
network MITM can tamper with messages |
|
2018-07-10 |
7.5 High |
Cephx replay vulnerability |
|
2018-07-27 |
4.4 Medium |
libradosstriper unvalidated format string |
|
2018-08-01 |
7.6 High |
potential RGW XSS attack |
|
2018-07-31 |
6.5 Medium |
malformed POST can DoS RGW |
|
2016-10-03 |
7.5 High |
RGW unauthorized bucket listing |
|
2016-07-12 |
6.5 Medium |
mon command handler DoS |
|
2016-12-03 |
RGW header injection |
Brought to you by the Ceph Foundation
The Ceph Documentation is a community resource funded and hosted by the non-profit Ceph Foundation. If you would like to support this and our other efforts, please consider joining now.