CVE-2020-10736
CVE-2020-10736 is a high-severity vulnerability rated 8/10 on the CVSS scale. An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks. EPSS estimates a 0.65% chance of exploitation in the next 30 days.
Description
An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks.
Metrics
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Linuxfoundation | Ceph | >= 15.2.0, < 15.2.2 |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10736 (Issue Tracking, Third Party Advisory)
- https://ceph.io/releases/v15-2-2-octopus-released/ (Release Notes, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
