CVE-2020-10736 - An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the cep

CVE-2020-10736

Summary

An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks.

References

Vulnerable Configurations

cpe:2.3:a:linuxfoundation:ceph:15.2.0:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:ceph:15.2.0:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:ceph:15.2.1:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:ceph:15.2.1:*:*:*:*:*:*:*

CVSS

Base:	5.2 (as of 05-08-2022 - 19:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
ADJACENT_NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:A/AC:L/Au:S/C:P/I:P/A:P

refmap via4

confirm	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10736
misc	https://ceph.io/releases/v15-2-2-octopus-released/

Last major update

05-08-2022 - 19:31

Published

22-06-2020 - 18:15

Last modified

05-08-2022 - 19:31