cpe:2.3:a:[unknown]:ceph:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: [Unknown] (5b07108a-8f0c-5d28-ab99-c4ff62adb460)
Product: Ceph (3156450b-fd3a-5bf6-aa49-165a7f16c724)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2020-1760 vulnerable 2026-06-03 14:41:58.596642 Details available
MEDIUM (5.8)
A flaw was found in the Ceph Object Gateway, where it supports requests sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input.
Published: 2020-04-23T00:00:00.000Z
Updated: 2024-08-04T06:46:30.894Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-1700 vulnerable 2026-06-03 14:41:58.391201 Details available
MEDIUM (6.5)
A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by pile up of CLOSE_WAIT sockets, eventually leading to the exhaustion of available resources, preventing legitimate users from connecting to the system.
Published: 2020-02-07T00:00:00.000Z
Updated: 2024-08-04T06:46:30.305Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-10736 vulnerable 2026-06-03 14:41:00.476978 Details available
HIGH (8)
An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks.
Published: 2020-06-22T17:49:38.000Z
Updated: 2024-08-04T11:14:14.781Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-3821 vulnerable 2026-06-03 14:40:27.602382 Details available
HIGH (7.5)
A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated attacker could create multiple connections to ceph RADOS gateway to exhaust file descriptors for ceph-radosgw service resulting in a remote denial of service.
Published: 2019-03-27T12:22:00.000Z
Updated: 2024-08-04T19:19:18.564Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-16846 vulnerable 2026-06-03 14:38:21.080713 Details available
MEDIUM (6.5)
It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices.
Published: 2019-01-15T18:00:00.000Z
Updated: 2024-08-05T10:32:53.997Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-14662 vulnerable 2026-06-03 14:38:12.396297 Details available
LOW (3.5)
It was found in Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.
Published: 2019-01-15T21:00:00.000Z
Updated: 2024-08-05T09:38:12.959Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-7519 vulnerable 2026-06-03 14:37:32.349245 Details available
LOW (2.3)
In Ceph, a format string flaw was found in the way libradosstriper parses input from user. A user could crash an application or service using the libradosstriper library.
Published: 2018-07-27T14:00:00.000Z
Updated: 2024-08-05T16:04:11.820Z
Imported from gcve-enriched-dumps CVE data
