CVE-2020-10753

Related Files

Gentoo Linux Security Advisory 202105-39

Posted May 27, 2021

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202105-39 - Multiple vulnerabilities have been found in Ceph, the worst of which could result in privilege escalation. Versions less than 14.2.21 are affected.

tags | advisory, vulnerability

systems | linux, gentoo

advisories | CVE-2020-10753, CVE-2020-1759, CVE-2020-1760, CVE-2020-25660, CVE-2020-25678, CVE-2020-27781, CVE-2021-20288

SHA-256 | 7ab3522f846f6a648172b2520a0ceaea2ea557ede4081b724f6d25d68464c1a9

Download | Favorite | View

Ubuntu Security Notice USN-4706-1

Posted Jan 28, 2021

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4706-1 - Olle Segerdahl found that ceph-mon and ceph-mgr daemons did not properly restrict access, resulting in gaining access to unauthorized resources. An authenticated user could use this vulnerability to modify the configuration and possibly conduct further attacks. Adam Mohammed found that Ceph Object Gateway was vulnerable to HTTP header injection via a CORS ExposeHeader tag. An attacker could use this to gain access or cause a crash. Various other issues were also addressed.

tags | advisory, web

systems | linux, ubuntu

advisories | CVE-2020-10736, CVE-2020-10753, CVE-2020-25660

SHA-256 | 5ca5f6fbb96672b6cacce6e620542245a2be459f209d4b6805ec82e20023821f

Download | Favorite | View

Ubuntu Security Notice USN-4528-1

Posted Sep 22, 2020

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4528-1 - Adam Mohammed discovered that Ceph incorrectly handled certain CORS ExposeHeader tags. A remote attacker could possibly use this issue to perform an HTTP header injection attack. Lei Cao discovered that Ceph incorrectly handled certain POST requests with invalid tagging XML. A remote attacker could possibly use this issue to cause Ceph to crash, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS. Various other issues were also addressed.

tags | advisory, remote, web, denial of service

systems | linux, ubuntu

advisories | CVE-2020-10753, CVE-2020-12059, CVE-2020-1760

SHA-256 | 1f8ff8e5a19c6a860564579db5b280092ff21ca26f8f1cdd7b29616059e8da49

Download | Favorite | View

Red Hat Security Advisory 2020-3504-01

Posted Aug 19, 2020

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3504-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.

tags | advisory

systems | linux, redhat

advisories | CVE-2020-10753

SHA-256 | 8a44610a43fa68798d324828d2851d69963c6600d9a04c6fcd433359710f8d98

Download | Favorite | View

Red Hat Security Advisory 2020-3505-01

Posted Aug 19, 2020

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3505-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.

tags | advisory

systems | linux, redhat

advisories | CVE-2020-10753

SHA-256 | dfec80f97242ea8e76f690cf34eb5c5ec8fc7cf0cec0668f5baa93848d783f59

Download | Favorite | View

Red Hat Security Advisory 2020-3003-01

Posted Jul 20, 2020

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3003-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Issues addressed include a cross site scripting vulnerability.

tags | advisory, xss

systems | linux, redhat

advisories | CVE-2020-10753, CVE-2020-1760

SHA-256 | ea9d411a7fd3f0ec0d3a02a0e815cfaa2682c6b3cea190e9bb6d1e32d72ce8a5

Download | Favorite | View