Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2020-10736

Published: Jun 22, 2020 | Modified: Nov 07, 2023
CVSS 3.x
8
HIGH
Source:
NVD
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
5.2 MEDIUM
AV:A/AC:L/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
8 IMPORTANT
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Ubuntu
MEDIUM
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2020-10736
CWEhttps://cwe.mitre.org/data/definitions/NVD-Other.html

An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks.

Affected Software

Name Vendor Start Version End Version
Ceph Linuxfoundation 15.2.0 (including) 15.2.2 (excluding)
Ceph Ubuntu devel *
Ceph Ubuntu eoan *
Ceph Ubuntu focal *
Ceph Ubuntu groovy *
Ceph Ubuntu trusty *
Ceph Ubuntu upstream *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use