Refine your search
4 vulnerabilities found for Ceph by Ceph
CERTFR-2026-AVI-0078
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Ceph. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ceph versions 19.x ant\u00e9rieures \u00e0 19.2.4",
"product": {
"name": "Ceph",
"vendor": {
"name": "Ceph",
"scada": false
}
}
},
{
"description": "Ceph versions 20.x ant\u00e9rieures \u00e0 20.2.1",
"product": {
"name": "Ceph",
"vendor": {
"name": "Ceph",
"scada": false
}
}
},
{
"description": "Ceph versions ant\u00e9rieures \u00e0 18.2.9",
"product": {
"name": "Ceph",
"vendor": {
"name": "Ceph",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-31884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31884"
}
],
"initial_release_date": "2026-01-22T00:00:00",
"last_revision_date": "2026-01-22T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0078",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Ceph. Elle permet \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Vuln\u00e9rabilit\u00e9 dans Ceph",
"vendor_advisories": [
{
"published_at": "2026-01-21",
"title": "Bulletin de s\u00e9curit\u00e9 Ceph GHSA-xj9f-7g59-m4jx",
"url": "https://github.com/ceph/ceph/security/advisories/GHSA-xj9f-7g59-m4jx"
}
]
}
CVE-2024-47866 (GCVE-0-2024-47866)
Vulnerability from cvelistv5
Published
2025-11-12 18:28
Modified
2025-12-11 15:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument `x-amz-copy-source` to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no known patched versions exist.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-12T19:03:51.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/11/11/3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47866",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-11T15:29:41.208745Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T15:35:30.968Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/ceph/ceph/security/advisories/GHSA-mgrm-g92q-f8h8"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ceph",
"vendor": "ceph",
"versions": [
{
"status": "affected",
"version": "\u003c= 19.2.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument `x-amz-copy-source` to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no known patched versions exist."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T18:28:18.545Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ceph/ceph/security/advisories/GHSA-mgrm-g92q-f8h8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ceph/ceph/security/advisories/GHSA-mgrm-g92q-f8h8"
}
],
"source": {
"advisory": "GHSA-mgrm-g92q-f8h8",
"discovery": "UNKNOWN"
},
"title": "RGW DoS attack with empty HTTP header in S3 object copy"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47866",
"datePublished": "2025-11-12T18:28:18.545Z",
"dateReserved": "2024-10-04T16:00:09.628Z",
"dateUpdated": "2025-12-11T15:35:30.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-48916 (GCVE-0-2024-48916)
Vulnerability from cvelistv5
Published
2025-07-30 19:45
Modified
2025-07-30 19:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-345 - Insufficient Verification of Data Authenticity
Summary
Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send an JWT that has "none" as JWT alg. And by doing so the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As of time of publication, a known patched version has yet to be published.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-48916",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-30T19:54:31.667804Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T19:54:42.022Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ceph",
"vendor": "ceph",
"versions": [
{
"status": "affected",
"version": "\u003c= 19.2.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send an JWT that has \"none\" as JWT alg. And by doing so the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As of time of publication, a known patched version has yet to be published."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345: Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T19:45:00.454Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ceph/ceph/security/advisories/GHSA-5g9m-mmp6-93mq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ceph/ceph/security/advisories/GHSA-5g9m-mmp6-93mq"
}
],
"source": {
"advisory": "GHSA-5g9m-mmp6-93mq",
"discovery": "UNKNOWN"
},
"title": "Ceph is vulnerable to authentication bypass through RadosGW"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-48916",
"datePublished": "2025-07-30T19:45:00.454Z",
"dateReserved": "2024-10-09T22:06:46.172Z",
"dateUpdated": "2025-07-30T19:54:42.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-52555 (GCVE-0-2025-52555)
Vulnerability from cvelistv5
Published
2025-06-26 20:21
Modified
2025-11-03 18:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-269 - Improper Privilege Management
Summary
Ceph is a distributed object, block, and file storage platform. In versions 17.2.7, 18.2.1 through 18.2.4, and 19.0.0 through 19.2.2, an unprivileged user can escalate to root privileges in a ceph-fuse mounted CephFS by chmod 777 a directory owned by root to gain access. The result of this is that a user could read, write and execute to any directory owned by root as long as they chmod 777 it. This impacts confidentiality, integrity, and availability. It is patched in versions 17.2.8, 18.2.5, and 19.2.3.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52555",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-26T20:40:04.617328Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-26T20:40:18.751Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:13:06.474Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00025.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ceph",
"vendor": "ceph",
"versions": [
{
"status": "affected",
"version": "= 17.2.7"
},
{
"status": "affected",
"version": "\u003e= 18.2.1, \u003c 18.2.5"
},
{
"status": "affected",
"version": "\u003e= 19.0.0, \u003c 19.2.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ceph is a distributed object, block, and file storage platform. In versions 17.2.7, 18.2.1 through 18.2.4, and 19.0.0 through 19.2.2, an unprivileged user can escalate to root privileges in a ceph-fuse mounted CephFS by chmod 777 a directory owned by root to gain access. The result of this is that a user could read, write and execute to any directory owned by root as long as they chmod 777 it. This impacts confidentiality, integrity, and availability. It is patched in versions 17.2.8, 18.2.5, and 19.2.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-26T20:21:05.594Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ceph/ceph/security/advisories/GHSA-89hm-qq33-2fjm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ceph/ceph/security/advisories/GHSA-89hm-qq33-2fjm"
},
{
"name": "https://github.com/ceph/ceph/pull/60314",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ceph/ceph/pull/60314"
}
],
"source": {
"advisory": "GHSA-89hm-qq33-2fjm",
"discovery": "UNKNOWN"
},
"title": "CephFS Permission Escalation Vulnerability in Ceph Fuse mounted FS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-52555",
"datePublished": "2025-06-26T20:21:05.594Z",
"dateReserved": "2025-06-18T03:55:52.034Z",
"dateUpdated": "2025-11-03T18:13:06.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}