摘要:
An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks.
安全等级: Low
公告ID: KylinSec-SA-2022-1868
发布日期: 2022年8月11日
关联CVE: CVE-2020-10736
An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks.
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2020-10736 | KY3.4-4A | ceph | Unaffected |
| CVE-2020-10736 | KY3.4-5A | ceph | Unaffected |
| CVE-2020-10736 | KY3.5.1 | ceph | Unaffected |
