ALT-PU-2020-1769-1
Closed vulnerabilities
BDU:2021-03733
Уязвимость системы хранения данных Ceph, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю оказать воздействие на целостность данных
Modified: 2024-11-21
CVE-2020-1759
A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks.
Modified: 2024-11-21
CVE-2020-1760
A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input.
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1760
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1760
- [debian-lts-announce] 20210810 [SECURITY] [DLA 2735-1] ceph security update
- [debian-lts-announce] 20210810 [SECURITY] [DLA 2735-1] ceph security update
- [debian-lts-announce] 20231023 [SECURITY] [DLA 3629-1] ceph security update
- [debian-lts-announce] 20231023 [SECURITY] [DLA 3629-1] ceph security update
- FEDORA-2020-81b9c6cddc
- FEDORA-2020-81b9c6cddc
- GLSA-202105-39
- GLSA-202105-39
- USN-4528-1
- USN-4528-1
- https://www.openwall.com/lists/oss-security/2020/04/07/1
- https://www.openwall.com/lists/oss-security/2020/04/07/1