CyberSec.Space Logo
Back to CVE Browser

CVE-2020-10736

HIGH
8.0
CVSS Severity Score
EPSS Score0.1640%
EPSS Percentile32.25th
PublishedJun 22, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks.

Affected Platforms (CPE)

πŸ“¦
Linuxfoundation

Ceph

>= 15.2.0 and < 15.2.2

References & Advisories

πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10736
πŸ”— https://ceph.io/releases/v15-2-2-octopus-released/
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10736
πŸ”— https://ceph.io/releases/v15-2-2-octopus-released/

Related Vulnerabilities

CVE-2018-146499.8

It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. T...

CVE-2020-17168.8

A flaw was found in the ceph-ansible playbook where it contained hardcoded passwords that were being used as default passwords whi...

CVE-2020-256608.8

A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph ...

CVE-2018-108618.1

A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, cre...