CPE-FD301680-83FD-439E-8014-2DB5C651D8F8 Détail

CPE Details

Linux Foundation Ceph 13.2.4

Vendor

linuxfoundation

Product

ceph

Version

13.2.4

Created

2020-05-04
16h21 +00:00

Modifié

2020-05-04
16h21 +00:00

Liens officiels

CPE NVD

Alerte pour un CPE

Restez informé de toutes modifications pour un CPE spécifique.

Gestion des notifications

Liste des Notifications

Alerte pour un CPE

Restez informé de toutes modifications pour un CPE spécifique.

Paramètres

Vous pouvez spécifier un titre qui sera récupéré dans les alertes qui seront envoyées.

CPE ID

Planifications

Mois

Prochaine exécution calculée

Jour

Jour de la semaine

Heure

Minute

Date de création

Dernière exécution

Prochaine exécution

Fonctionnalité nécessitant une connexion

Cette fonctionnalité qui vous permet de recevoir des alertes, n'est active que lorsque vous êtes connecté à votre compte.

CPE Name: cpe:2.3:a:linuxfoundation:ceph:13.2.4:::::::*

Informations

Vendor

linuxfoundation

Product

ceph

Version

13.2.4

Related CVE

Open and find in CVE List

CVE ID	Publié	Description	Score	Gravité
CVE-2021-20288	2021-04-14 22h00 +00:00	An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.	7.2	Haute
CVE-2020-10753	2020-06-25 22h00 +00:00	A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue.	6.5	Moyen
CVE-2020-1760	2020-04-22 22h00 +00:00	A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input.	6.1	Moyen
CVE-2020-12059	2020-04-21 22h00 +00:00	An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception.	7.5	Haute
CVE-2020-1759	2020-04-13 10h04 +00:00	A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks.	6.8	Moyen

Linux Foundation Ceph 13.2.4

CPE Details

CPE Name: cpe:2.3:a:linuxfoundation:ceph:13.2.4:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:linuxfoundation:ceph:13.2.4:::::::*