| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|
| CVE-2023-43040 | fixed | fixed | fixed | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | Improperly verified POST keys |
| CVE-2022-3650 | fixed | fixed | fixed | vulnerable (no DSA) | fixed | fixed | fixed | A privilege escalation flaw was found in Ceph. Ceph-crash.service allo ... |
| CVE-2022-0670 | fixed | fixed | fixed | vulnerable (no DSA) | fixed | fixed | fixed | A flaw was found in Openstack manilla owning a Ceph File system "share ... |
| CVE-2021-20288 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | An authentication flaw was found in ceph in versions before 14.2.20. W ... |
| CVE-2021-3979 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | vulnerable (no DSA) | fixed | fixed | fixed | A key length flaw was found in Red Hat Ceph Storage. An attacker can e ... |
| CVE-2020-27781 | fixed | vulnerable (no DSA, postponed) | fixed | fixed | fixed | fixed | fixed | User credentials can be manipulated and stolen by Native CephFS consum ... |
| CVE-2020-25678 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | A flaw was found in ceph in versions prior to 16.y.z where ceph stores ... |
| CVE-2018-16889 | fixed | vulnerable (no DSA, postponed) | fixed | fixed | fixed | fixed | fixed | Ceph does not properly sanitize encryption keys in debug logging for v ... |
| CVE-2018-10861 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | fixed | A flaw was found in the way ceph mon handles user requests. Any authen ... |
| CVE-2018-1129 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | fixed | A flaw was found in the way signature calculation was handled by cephx ... |
| CVE-2018-1128 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | fixed | It was found that cephx authentication protocol did not verify ceph cl ... |
| Bug | Description |
|---|
| CVE-2022-3854 | A flaw was found in Ceph, relating to the URL processing on RGW backen ... |
| CVE-2021-3531 | A flaw was found in the Red Hat Ceph Storage RGW in versions before 14 ... |
| CVE-2021-3524 | A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gate ... |
| CVE-2021-3509 | A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component ... |
| CVE-2020-27839 | A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for ... |
| CVE-2020-25660 | A flaw was found in the Cephx authentication protocol in versions befo ... |
| CVE-2020-12059 | An issue was discovered in Ceph through 13.2.9. A POST request with an ... |
| CVE-2020-10753 | A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gate ... |
| CVE-2020-10736 | An authorization bypass vulnerability was found in Ceph versions 15.2. ... |
| CVE-2020-1760 | A flaw was found in the Ceph Object Gateway, where it supports request ... |
| CVE-2020-1759 | A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Opensh ... |
| CVE-2020-1700 | A flaw was found in the way the Ceph RGW Beast front-end handles unexp ... |
| CVE-2020-1699 | A path traversal flaw was found in the Ceph dashboard implemented in u ... |
| CVE-2019-19337 | A flaw was found in Red Hat Ceph Storage version 3 in the way the Ceph ... |
| CVE-2019-10222 | A flaw was found in the Ceph RGW configuration with Beast as the front ... |
| CVE-2019-3821 | A flaw was found in the way civetweb frontend was handling requests fo ... |
| CVE-2018-16846 | It was found in Ceph versions before 13.2.4 that authenticated ceph RG ... |
| CVE-2018-14662 | It was found Ceph versions before 13.2.4 that authenticated ceph users ... |
| CVE-2018-7262 | In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGW ... |
| CVE-2017-16818 | RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticate ... |
| CVE-2017-7519 | In Ceph, a format string flaw was found in the way libradosstriper par ... |
| CVE-2016-9579 | A flaw was found in the way Ceph Object Gateway would process cross-or ... |
| CVE-2016-8626 | A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object ... |
| CVE-2016-7031 | The RGW code in Ceph before 10.0.1, when authenticated-read ACL is app ... |
| CVE-2016-5009 | The handle_command function in mon/Monitor.cc in Ceph allows remote au ... |
| CVE-2015-5245 | CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw o ... |