ceph
Latest CVEs
The 14 most recently published vulnerabilities affecting ceph.
- CVE-2024-47866: RGW DoS attack with empty HTTP header in S3 object copy (score 7.5)
- CVE-2024-48916: Ceph is vulnerable to authentication bypass through RadosGW (score 8.1)
- CVE-2025-52555: CephFS Permission Escalation Vulnerability in Ceph Fuse mounted FS (score 6.5)
- CVE-2020-1716: A flaw was found in the ceph-ansible playbook where it contained hardcoded passwords that were being used as default passwords while deploying Ceph services. Any authenticated attacker can abuse th... (score 8.8)
- CVE-2020-25677: A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. This flaw allows any user on the system to read sensitive information wi... (score 5.5)
- CVE-2020-1700: A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanen... (score 6.5)
- CVE-2019-10222: A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and te... (score 7.5)
- CVE-2019-3821: A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated attacker could create multiple connections to ceph RADOS gateway to exha... (score 7.5)
- CVE-2017-7519: In Ceph, a format string flaw was found in the way libradosstriper parses input from user. A user could crash an application or service using the libradosstriper library. (score 2.3)
- CVE-2018-1129: A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able t... (score 6.5)
- CVE-2018-10861: A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches m... (score 8.1)
- CVE-2017-12155: A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could ... (score 6.3)
- CVE-2015-3010: ceph-deploy before 1.5.23 uses weak permissions (644) for ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file. (score 2.1)
- CVE-2015-4053: The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file. (score 2.1)