CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2020-10736

HIGH
8.0
CVSS Severity Score
EPSS Score0.1640%
EPSS Percentile32.25th
Published2020年6月22日
Last Modified2024年11月21日

Vulnerability Description

An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks.

Affected Platforms (CPE)

📦
Linuxfoundation

Ceph

>= 15.2.0 and < 15.2.2

References & Advisories

🔗 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10736
🔗 https://ceph.io/releases/v15-2-2-octopus-released/
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10736
🔗 https://ceph.io/releases/v15-2-2-octopus-released/

相關漏洞威脅

CVE-2018-146499.8

It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. T...

CVE-2020-17168.8

A flaw was found in the ceph-ansible playbook where it contained hardcoded passwords that were being used as default passwords whi...

CVE-2020-256608.8

A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph ...

CVE-2018-108618.1

A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, cre...