A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HRed Hat Ceph
APPRedhat16.2.9
π΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
References
Related vulnerabilities
CVE-2024-47866HIGH7.5ten sam produkt
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using ...
CVE-2020-27781HIGH7.1ten sam produkt
User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in po...
CVE-2020-25660HIGH8.8ten sam produkt
A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it d...
CVE-2018-1128HIGH7.5ten sam produkt
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to re...
CVE-2018-7262HIGH7.5ten sam produkt
In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw d...