CVE-2020-10736

Published: Jun 22, 2020Modified: Nov 21, 2024

8.0

Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.1 / Impact: 5.9

Source: NVD

Description

An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks.

Affected (1)

Products: Linuxfoundation: Ceph

Linuxfoundation

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linuxfoundation Ceph	From 15.2.0 to 15.2.2

Related CWEs

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

References (4)

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10736

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://ceph.io/releases/v15-2-2-octopus-released/

Source: secalert@redhat.com

Release NotesVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10736

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://ceph.io/releases/v15-2-2-octopus-released/

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.