Action not permitted
Modal body text goes here.
Modal Title
Modal Body
usn-4998-1
Vulnerability from osv_ubuntu
It was discovered that in some situations Ceph logged passwords from the mgr module in clear text. An attacker could use this to expose sensitive information. (CVE-2020-25678)
Goutham Pacha Ravi, Jahson Babel, and John Garbutt discovered that user credentials in Ceph could be manipulated in certain environments. An attacker could use this to gain unintended access. (CVE-2020-27781)
It was discovered that the Ceph dashboard was susceptible to a cross-site scripting attack. An attacker could use this to expose sensitive information or gain unintended access. (CVE-2020-27839)
It was discovered that Ceph contained an authentication flaw, leading to key reuse. An attacker could use this to cause a denial of service or possibly impersonate another user. (CVE-2021-20288)
Sergey Bobrov discovered that the Ceph dashboard was susceptible to a cross-site scripting attack. An attacker could use this to expose sensitive information or gain unintended access. (CVE-2021-3509)
Sergey Bobrov discovered that Ceph's RadosGW (Ceph Object Gateway) allowed the injection of HTTP headers in responses to CORS requests. An attacker could use this to violate system integrity. (CVE-2021-3524)
It was discovered that Ceph's RadosGW (Ceph Object Gateway) did not properly handle GET requests for swift URLs in some situations, leading to an application crash. An attacker could use this to cause a denial of service. (CVE-2021-3531)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2020-25678",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-27781",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-27839",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-3509",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-3524",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-3531",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-20288",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:20.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "ceph",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-base",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-common",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-fuse",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-immutable-object-cache",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mds",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-cephadm",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-dashboard",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-diskprediction-cloud",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-diskprediction-local",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-k8sevents",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-modules-core",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-rook",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mon",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-osd",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-resource-agents",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "cephadm",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "cephfs-shell",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libcephfs-java",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libcephfs-jni",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libcephfs2",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "librados2",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libradosstriper1",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "librbd1",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "librgw2",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-ceph",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-ceph-argparse",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-ceph-common",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-cephfs",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-rados",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-rbd",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-rgw",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "radosgw",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "rbd-fuse",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "rbd-mirror",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "rbd-nbd",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "ceph",
"purl": "pkg:deb/ubuntu/ceph@15.2.12-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.2.12-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"14.2.2-0ubuntu3",
"14.2.2-0ubuntu4",
"14.2.4-0ubuntu1",
"14.2.4-0ubuntu2",
"14.2.4-0ubuntu3",
"15.1.0-0ubuntu2",
"15.1.0-0ubuntu3",
"15.1.1-0ubuntu1",
"15.2.0-0ubuntu1",
"15.2.0-0ubuntu2",
"15.2.1-0ubuntu1",
"15.2.1-0ubuntu2",
"15.2.3-0ubuntu0.20.04.1",
"15.2.3-0ubuntu0.20.04.2",
"15.2.5-0ubuntu0.20.04.1",
"15.2.7-0ubuntu0.20.04.1",
"15.2.7-0ubuntu0.20.04.2",
"15.2.8-0ubuntu0.20.04.1",
"15.2.11-0ubuntu0.20.04.2"
]
}
],
"aliases": [],
"details": "It was discovered that in some situations Ceph logged passwords from the\nmgr module in clear text. An attacker could use this to expose sensitive\ninformation. (CVE-2020-25678)\n\nGoutham Pacha Ravi, Jahson Babel, and John Garbutt discovered that user\ncredentials in Ceph could be manipulated in certain environments. An\nattacker could use this to gain unintended access. (CVE-2020-27781)\n\nIt was discovered that the Ceph dashboard was susceptible to a cross-site\nscripting attack. An attacker could use this to expose sensitive\ninformation or gain unintended access. (CVE-2020-27839)\n\nIt was discovered that Ceph contained an authentication flaw, leading to\nkey reuse. An attacker could use this to cause a denial of service or\npossibly impersonate another user. (CVE-2021-20288)\n\nSergey Bobrov discovered that the Ceph dashboard was susceptible to a\ncross-site scripting attack. An attacker could use this to expose sensitive\ninformation or gain unintended access. (CVE-2021-3509)\n\nSergey Bobrov discovered that Ceph\u0027s RadosGW (Ceph Object Gateway) allowed\nthe injection of HTTP headers in responses to CORS requests. An attacker\ncould use this to violate system integrity. (CVE-2021-3524)\n\nIt was discovered that Ceph\u0027s RadosGW (Ceph Object Gateway) did not\nproperly handle GET requests for swift URLs in some situations, leading to\nan application crash. An attacker could use this to cause a denial of\nservice. (CVE-2021-3531)\n",
"id": "USN-4998-1",
"modified": "2026-04-22T07:37:00Z",
"published": "2021-06-25T02:38:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4998-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-25678"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-27781"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-27839"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-3509"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-3524"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-3531"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-20288"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "ceph vulnerabilities",
"upstream": [
"UBUNTU-CVE-2020-25678",
"UBUNTU-CVE-2020-27781",
"UBUNTU-CVE-2020-27839",
"UBUNTU-CVE-2021-3509",
"UBUNTU-CVE-2021-3524",
"UBUNTU-CVE-2021-3531",
"UBUNTU-CVE-2021-20288"
]
}
ubuntu-cve-2020-25678
Vulnerability from osv_ubuntu
A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.
| URL | Type | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "ceph",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-base",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-common",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-fuse",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-immutable-object-cache",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mds",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-cephadm",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-dashboard",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-diskprediction-cloud",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-diskprediction-local",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-k8sevents",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-modules-core",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-rook",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mon",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-osd",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-resource-agents",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "cephadm",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "cephfs-shell",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libcephfs-java",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libcephfs-jni",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libcephfs2",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "librados2",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libradosstriper1",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "librbd1",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "librgw2",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-ceph",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-ceph-argparse",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-ceph-common",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-cephfs",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-rados",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-rbd",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-rgw",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "radosgw",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "rbd-fuse",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "rbd-mirror",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "rbd-nbd",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "ceph",
"purl": "pkg:deb/ubuntu/ceph@15.2.12-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.2.12-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"14.2.2-0ubuntu3",
"14.2.2-0ubuntu4",
"14.2.4-0ubuntu1",
"14.2.4-0ubuntu2",
"14.2.4-0ubuntu3",
"15.1.0-0ubuntu2",
"15.1.0-0ubuntu3",
"15.1.1-0ubuntu1",
"15.2.0-0ubuntu1",
"15.2.0-0ubuntu2",
"15.2.1-0ubuntu1",
"15.2.1-0ubuntu2",
"15.2.3-0ubuntu0.20.04.1",
"15.2.3-0ubuntu0.20.04.2",
"15.2.5-0ubuntu0.20.04.1",
"15.2.7-0ubuntu0.20.04.1",
"15.2.7-0ubuntu0.20.04.2",
"15.2.8-0ubuntu0.20.04.1",
"15.2.11-0ubuntu0.20.04.2"
]
}
],
"aliases": [],
"details": "A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.",
"id": "UBUNTU-CVE-2020-25678",
"modified": "2026-04-22T07:39:33Z",
"published": "2021-01-08T18:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-25678"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2020-25678"
},
{
"type": "REPORT",
"url": "https://github.com/ceph/ceph/pull/38479"
},
{
"type": "REPORT",
"url": "https://github.com/ceph/ceph/pull/38620"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4998-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25678"
}
],
"related": [
"USN-4998-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2020-25678"
]
}
ubuntu-cve-2020-27781
Vulnerability from osv_ubuntu
User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack project can view the access key. This enables the attacker to target any resource that the user has access to. This can be done to even "admin" users, compromising the ceph administrator. This flaw affects Ceph versions prior to 14.2.16, 15.x prior to 15.2.8, and 16.x prior to 16.2.0.
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ceph",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "ceph-common",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "ceph-fs-common",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "ceph-fuse",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "ceph-mds",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "ceph-resource-agents",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "ceph-test",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "libcephfs-java",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "libcephfs-jni",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "libcephfs1",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "librados2",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "libradosstriper1",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "librbd1",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "librgw2",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "python-ceph",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "python-cephfs",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "python-rados",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "python-rbd",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "radosgw",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "rbd-fuse",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "rbd-mirror",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "rbd-nbd",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "ceph",
"purl": "pkg:deb/ubuntu/ceph@10.2.11-0ubuntu0.16.04.3+esm3?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.94.3-0ubuntu2",
"0.94.5-0ubuntu1",
"9.2.0-0ubuntu3",
"9.2.0-0ubuntu4",
"9.2.0-0ubuntu5",
"9.2.0-0ubuntu6",
"10.0.2-0ubuntu1",
"10.0.3-0ubuntu1",
"10.0.5-0ubuntu1",
"10.1.0-0ubuntu1",
"10.1.1-0ubuntu1",
"10.1.2-0ubuntu1",
"10.2.0-0ubuntu0.16.04.1",
"10.2.0-0ubuntu0.16.04.2",
"10.2.2-0ubuntu0.16.04.2",
"10.2.3-0ubuntu0.16.04.2",
"10.2.5-0ubuntu0.16.04.1",
"10.2.6-0ubuntu0.16.04.1",
"10.2.7-0ubuntu0.16.04.1",
"10.2.9-0ubuntu0.16.04.1",
"10.2.10-0ubuntu0.16.04.1",
"10.2.11-0ubuntu0.16.04.1",
"10.2.11-0ubuntu0.16.04.2",
"10.2.11-0ubuntu0.16.04.3",
"10.2.11-0ubuntu0.16.04.3+esm1",
"10.2.11-0ubuntu0.16.04.3+esm2",
"10.2.11-0ubuntu0.16.04.3+esm3"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "ceph",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-base",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-common",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-fuse",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-mds",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-mgr",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-mon",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-osd",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-resource-agents",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-test",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "libcephfs-java",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "libcephfs-jni",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "libcephfs2",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "librados2",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "libradosstriper1",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "librbd1",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "librgw2",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python-ceph",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python-cephfs",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python-rados",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python-rbd",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python-rgw",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python3-ceph-argparse",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python3-cephfs",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python3-rados",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python3-rbd",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python3-rgw",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "radosgw",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "rbd-fuse",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "rbd-mirror",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "rbd-nbd",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "ceph",
"purl": "pkg:deb/ubuntu/ceph@12.2.13-0ubuntu0.18.04.10?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.2.13-0ubuntu0.18.04.10"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"12.2.0-0ubuntu1",
"12.2.1-0ubuntu1",
"12.2.2-0ubuntu1",
"12.2.2-0ubuntu2",
"12.2.4-0ubuntu1",
"12.2.4-0ubuntu1.1",
"12.2.7-0ubuntu0.18.04.1",
"12.2.8-0ubuntu0.18.04.1",
"12.2.8-0ubuntu0.18.04.2",
"12.2.11-0ubuntu0.18.04.1",
"12.2.11-0ubuntu0.18.04.2",
"12.2.12-0ubuntu0.18.04.1",
"12.2.12-0ubuntu0.18.04.2",
"12.2.12-0ubuntu0.18.04.3",
"12.2.12-0ubuntu0.18.04.4",
"12.2.12-0ubuntu0.18.04.5",
"12.2.13-0ubuntu0.18.04.2",
"12.2.13-0ubuntu0.18.04.3",
"12.2.13-0ubuntu0.18.04.4",
"12.2.13-0ubuntu0.18.04.5",
"12.2.13-0ubuntu0.18.04.6",
"12.2.13-0ubuntu0.18.04.7",
"12.2.13-0ubuntu0.18.04.8"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "ceph",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-base",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-common",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-fuse",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-immutable-object-cache",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mds",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-cephadm",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-dashboard",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-diskprediction-cloud",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-diskprediction-local",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-k8sevents",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-modules-core",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-rook",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mon",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-osd",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-resource-agents",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "cephadm",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "cephfs-shell",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libcephfs-java",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libcephfs-jni",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libcephfs2",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "librados2",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libradosstriper1",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "librbd1",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "librgw2",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-ceph",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-ceph-argparse",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-ceph-common",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-cephfs",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-rados",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-rbd",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-rgw",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "radosgw",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "rbd-fuse",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "rbd-mirror",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "rbd-nbd",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "ceph",
"purl": "pkg:deb/ubuntu/ceph@15.2.12-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.2.12-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"14.2.2-0ubuntu3",
"14.2.2-0ubuntu4",
"14.2.4-0ubuntu1",
"14.2.4-0ubuntu2",
"14.2.4-0ubuntu3",
"15.1.0-0ubuntu2",
"15.1.0-0ubuntu3",
"15.1.1-0ubuntu1",
"15.2.0-0ubuntu1",
"15.2.0-0ubuntu2",
"15.2.1-0ubuntu1",
"15.2.1-0ubuntu2",
"15.2.3-0ubuntu0.20.04.1",
"15.2.3-0ubuntu0.20.04.2",
"15.2.5-0ubuntu0.20.04.1",
"15.2.7-0ubuntu0.20.04.1",
"15.2.7-0ubuntu0.20.04.2",
"15.2.8-0ubuntu0.20.04.1",
"15.2.11-0ubuntu0.20.04.2"
]
}
],
"aliases": [],
"details": "User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack project can view the access key. This enables the attacker to target any resource that the user has access to. This can be done to even \"admin\" users, compromising the ceph administrator. This flaw affects Ceph versions prior to 14.2.16, 15.x prior to 15.2.8, and 16.x prior to 16.2.0.",
"id": "UBUNTU-CVE-2020-27781",
"modified": "2026-04-22T07:39:36Z",
"published": "2020-12-18T21:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-27781"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4998-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5128-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27781"
}
],
"related": [
"USN-4998-1",
"USN-5128-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2020-27781"
]
}
ubuntu-cve-2020-27839
Vulnerability from osv_ubuntu
A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and integrity.
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "ceph",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-base",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-common",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-fuse",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-immutable-object-cache",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mds",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-cephadm",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-dashboard",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-diskprediction-cloud",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-diskprediction-local",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-k8sevents",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-modules-core",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-rook",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mon",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-osd",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-resource-agents",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "cephadm",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "cephfs-shell",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libcephfs-java",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libcephfs-jni",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libcephfs2",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "librados2",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libradosstriper1",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "librbd1",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "librgw2",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-ceph",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-ceph-argparse",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-ceph-common",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-cephfs",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-rados",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-rbd",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-rgw",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "radosgw",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "rbd-fuse",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "rbd-mirror",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "rbd-nbd",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "ceph",
"purl": "pkg:deb/ubuntu/ceph@15.2.12-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.2.12-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"14.2.2-0ubuntu3",
"14.2.2-0ubuntu4",
"14.2.4-0ubuntu1",
"14.2.4-0ubuntu2",
"14.2.4-0ubuntu3",
"15.1.0-0ubuntu2",
"15.1.0-0ubuntu3",
"15.1.1-0ubuntu1",
"15.2.0-0ubuntu1",
"15.2.0-0ubuntu2",
"15.2.1-0ubuntu1",
"15.2.1-0ubuntu2",
"15.2.3-0ubuntu0.20.04.1",
"15.2.3-0ubuntu0.20.04.2",
"15.2.5-0ubuntu0.20.04.1",
"15.2.7-0ubuntu0.20.04.1",
"15.2.7-0ubuntu0.20.04.2",
"15.2.8-0ubuntu0.20.04.1",
"15.2.11-0ubuntu0.20.04.2"
]
}
],
"aliases": [],
"details": "A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser\u2019s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and integrity.",
"id": "UBUNTU-CVE-2020-27839",
"modified": "2026-04-22T07:39:37Z",
"published": "2021-05-26T22:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-27839"
},
{
"type": "REPORT",
"url": "https://github.com/ceph/ceph/pull/38259"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4998-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27839"
}
],
"related": [
"USN-4998-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2020-27839"
]
}
ubuntu-cve-2021-20288
Vulnerability from osv_ubuntu
An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
| URL | Type | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ceph",
"binary_version": "0.80.11-0ubuntu1.14.04.4+esm4"
},
{
"binary_name": "ceph-common",
"binary_version": "0.80.11-0ubuntu1.14.04.4+esm4"
},
{
"binary_name": "ceph-fs-common",
"binary_version": "0.80.11-0ubuntu1.14.04.4+esm4"
},
{
"binary_name": "ceph-fuse",
"binary_version": "0.80.11-0ubuntu1.14.04.4+esm4"
},
{
"binary_name": "ceph-mds",
"binary_version": "0.80.11-0ubuntu1.14.04.4+esm4"
},
{
"binary_name": "ceph-resource-agents",
"binary_version": "0.80.11-0ubuntu1.14.04.4+esm4"
},
{
"binary_name": "ceph-test",
"binary_version": "0.80.11-0ubuntu1.14.04.4+esm4"
},
{
"binary_name": "libcephfs-java",
"binary_version": "0.80.11-0ubuntu1.14.04.4+esm4"
},
{
"binary_name": "libcephfs-jni",
"binary_version": "0.80.11-0ubuntu1.14.04.4+esm4"
},
{
"binary_name": "libcephfs1",
"binary_version": "0.80.11-0ubuntu1.14.04.4+esm4"
},
{
"binary_name": "librados2",
"binary_version": "0.80.11-0ubuntu1.14.04.4+esm4"
},
{
"binary_name": "librbd1",
"binary_version": "0.80.11-0ubuntu1.14.04.4+esm4"
},
{
"binary_name": "python-ceph",
"binary_version": "0.80.11-0ubuntu1.14.04.4+esm4"
},
{
"binary_name": "radosgw",
"binary_version": "0.80.11-0ubuntu1.14.04.4+esm4"
},
{
"binary_name": "rbd-fuse",
"binary_version": "0.80.11-0ubuntu1.14.04.4+esm4"
},
{
"binary_name": "rest-bench",
"binary_version": "0.80.11-0ubuntu1.14.04.4+esm4"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "ceph",
"purl": "pkg:deb/ubuntu/ceph@0.80.11-0ubuntu1.14.04.4+esm4?arch=source\u0026distro=esm-infra-legacy/trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.67.4-0ubuntu2",
"0.67.4-0ubuntu3",
"0.72-0ubuntu1",
"0.72.1-0ubuntu1",
"0.72.1-2",
"0.72.1-3",
"0.72.2-1",
"0.72.2-2",
"0.78-0ubuntu1",
"0.79-0ubuntu1",
"0.80.1-0ubuntu1",
"0.80.1-0ubuntu1.1",
"0.80.5-0ubuntu0.14.04.1",
"0.80.7-0ubuntu0.14.04.1",
"0.80.9-0ubuntu0.14.04.1",
"0.80.9-0ubuntu0.14.04.2",
"0.80.10-0ubuntu0.14.04.1",
"0.80.10-0ubuntu1.14.04.2",
"0.80.10-0ubuntu1.14.04.3",
"0.80.11-0ubuntu1.14.04.1",
"0.80.11-0ubuntu1.14.04.2",
"0.80.11-0ubuntu1.14.04.3",
"0.80.11-0ubuntu1.14.04.4",
"0.80.11-0ubuntu1.14.04.4+esm2",
"0.80.11-0ubuntu1.14.04.4+esm3",
"0.80.11-0ubuntu1.14.04.4+esm4"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ceph",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "ceph-common",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "ceph-fs-common",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "ceph-fuse",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "ceph-mds",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "ceph-resource-agents",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "ceph-test",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "libcephfs-java",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "libcephfs-jni",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "libcephfs1",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "librados2",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "libradosstriper1",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "librbd1",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "librgw2",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "python-ceph",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "python-cephfs",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "python-rados",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "python-rbd",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "radosgw",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "rbd-fuse",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "rbd-mirror",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "rbd-nbd",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "ceph",
"purl": "pkg:deb/ubuntu/ceph@10.2.11-0ubuntu0.16.04.3+esm3?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.94.3-0ubuntu2",
"0.94.5-0ubuntu1",
"9.2.0-0ubuntu3",
"9.2.0-0ubuntu4",
"9.2.0-0ubuntu5",
"9.2.0-0ubuntu6",
"10.0.2-0ubuntu1",
"10.0.3-0ubuntu1",
"10.0.5-0ubuntu1",
"10.1.0-0ubuntu1",
"10.1.1-0ubuntu1",
"10.1.2-0ubuntu1",
"10.2.0-0ubuntu0.16.04.1",
"10.2.0-0ubuntu0.16.04.2",
"10.2.2-0ubuntu0.16.04.2",
"10.2.3-0ubuntu0.16.04.2",
"10.2.5-0ubuntu0.16.04.1",
"10.2.6-0ubuntu0.16.04.1",
"10.2.7-0ubuntu0.16.04.1",
"10.2.9-0ubuntu0.16.04.1",
"10.2.10-0ubuntu0.16.04.1",
"10.2.11-0ubuntu0.16.04.1",
"10.2.11-0ubuntu0.16.04.2",
"10.2.11-0ubuntu0.16.04.3",
"10.2.11-0ubuntu0.16.04.3+esm1",
"10.2.11-0ubuntu0.16.04.3+esm2",
"10.2.11-0ubuntu0.16.04.3+esm3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ceph",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "ceph-base",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "ceph-common",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "ceph-fuse",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "ceph-mds",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "ceph-mgr",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "ceph-mon",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "ceph-osd",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "ceph-resource-agents",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "ceph-test",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "libcephfs-java",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "libcephfs-jni",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "libcephfs2",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "librados2",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "libradosstriper1",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "librbd1",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "librgw2",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "python-ceph",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "python-cephfs",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "python-rados",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "python-rbd",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "python-rgw",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "python3-ceph-argparse",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "python3-cephfs",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "python3-rados",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "python3-rbd",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "python3-rgw",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "radosgw",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "rbd-fuse",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "rbd-mirror",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "rbd-nbd",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "ceph",
"purl": "pkg:deb/ubuntu/ceph@12.2.13-0ubuntu0.18.04.11+esm2?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"12.2.0-0ubuntu1",
"12.2.1-0ubuntu1",
"12.2.2-0ubuntu1",
"12.2.2-0ubuntu2",
"12.2.4-0ubuntu1",
"12.2.4-0ubuntu1.1",
"12.2.7-0ubuntu0.18.04.1",
"12.2.8-0ubuntu0.18.04.1",
"12.2.8-0ubuntu0.18.04.2",
"12.2.11-0ubuntu0.18.04.1",
"12.2.11-0ubuntu0.18.04.2",
"12.2.12-0ubuntu0.18.04.1",
"12.2.12-0ubuntu0.18.04.2",
"12.2.12-0ubuntu0.18.04.3",
"12.2.12-0ubuntu0.18.04.4",
"12.2.12-0ubuntu0.18.04.5",
"12.2.13-0ubuntu0.18.04.2",
"12.2.13-0ubuntu0.18.04.3",
"12.2.13-0ubuntu0.18.04.4",
"12.2.13-0ubuntu0.18.04.5",
"12.2.13-0ubuntu0.18.04.6",
"12.2.13-0ubuntu0.18.04.7",
"12.2.13-0ubuntu0.18.04.8",
"12.2.13-0ubuntu0.18.04.10",
"12.2.13-0ubuntu0.18.04.11",
"12.2.13-0ubuntu0.18.04.11+esm1",
"12.2.13-0ubuntu0.18.04.11+esm2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "ceph",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-base",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-common",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-fuse",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-immutable-object-cache",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mds",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-cephadm",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-dashboard",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-diskprediction-cloud",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-diskprediction-local",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-k8sevents",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-modules-core",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-rook",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mon",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-osd",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-resource-agents",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "cephadm",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "cephfs-shell",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libcephfs-java",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libcephfs-jni",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libcephfs2",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "librados2",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libradosstriper1",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "librbd1",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "librgw2",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-ceph",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-ceph-argparse",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-ceph-common",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-cephfs",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-rados",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-rbd",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-rgw",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "radosgw",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "rbd-fuse",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "rbd-mirror",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "rbd-nbd",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "ceph",
"purl": "pkg:deb/ubuntu/ceph@15.2.12-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.2.12-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"14.2.2-0ubuntu3",
"14.2.2-0ubuntu4",
"14.2.4-0ubuntu1",
"14.2.4-0ubuntu2",
"14.2.4-0ubuntu3",
"15.1.0-0ubuntu2",
"15.1.0-0ubuntu3",
"15.1.1-0ubuntu1",
"15.2.0-0ubuntu1",
"15.2.0-0ubuntu2",
"15.2.1-0ubuntu1",
"15.2.1-0ubuntu2",
"15.2.3-0ubuntu0.20.04.1",
"15.2.3-0ubuntu0.20.04.2",
"15.2.5-0ubuntu0.20.04.1",
"15.2.7-0ubuntu0.20.04.1",
"15.2.7-0ubuntu0.20.04.2",
"15.2.8-0ubuntu0.20.04.1",
"15.2.11-0ubuntu0.20.04.2"
]
}
],
"aliases": [],
"details": "An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn\u0027t sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"id": "UBUNTU-CVE-2021-20288",
"modified": "2026-04-22T07:39:53Z",
"published": "2021-04-15T15:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-20288"
},
{
"type": "REPORT",
"url": "https://www.openwall.com/lists/oss-security/2021/04/14/2"
},
{
"type": "REPORT",
"url": "https://docs.ceph.com/en/latest/security/CVE-2021-20288/#cve-2021-20288"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4998-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5128-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20288"
}
],
"related": [
"USN-4998-1",
"USN-5128-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2021-20288"
]
}
ubuntu-cve-2021-3509
Vulnerability from osv_ubuntu
A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The greatest threat to the system is for confidentiality, integrity, and availability.
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "ceph",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-base",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-common",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-fuse",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-immutable-object-cache",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mds",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-cephadm",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-dashboard",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-diskprediction-cloud",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-diskprediction-local",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-k8sevents",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-modules-core",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-rook",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mon",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-osd",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-resource-agents",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "cephadm",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "cephfs-shell",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libcephfs-java",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libcephfs-jni",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libcephfs2",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "librados2",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libradosstriper1",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "librbd1",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "librgw2",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-ceph",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-ceph-argparse",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-ceph-common",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-cephfs",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-rados",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-rbd",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-rgw",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "radosgw",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "rbd-fuse",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "rbd-mirror",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "rbd-nbd",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "ceph",
"purl": "pkg:deb/ubuntu/ceph@15.2.12-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.2.12-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"14.2.2-0ubuntu3",
"14.2.2-0ubuntu4",
"14.2.4-0ubuntu1",
"14.2.4-0ubuntu2",
"14.2.4-0ubuntu3",
"15.1.0-0ubuntu2",
"15.1.0-0ubuntu3",
"15.1.1-0ubuntu1",
"15.2.0-0ubuntu1",
"15.2.0-0ubuntu2",
"15.2.1-0ubuntu1",
"15.2.1-0ubuntu2",
"15.2.3-0ubuntu0.20.04.1",
"15.2.3-0ubuntu0.20.04.2",
"15.2.5-0ubuntu0.20.04.1",
"15.2.7-0ubuntu0.20.04.1",
"15.2.7-0ubuntu0.20.04.2",
"15.2.8-0ubuntu0.20.04.1",
"15.2.11-0ubuntu0.20.04.2"
]
}
],
"aliases": [],
"details": "A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The greatest threat to the system is for confidentiality, integrity, and availability.",
"id": "UBUNTU-CVE-2021-3509",
"modified": "2026-04-22T07:39:46Z",
"published": "2021-05-27T00:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-3509"
},
{
"type": "REPORT",
"url": "https://www.openwall.com/lists/oss-security/2021/05/14/4"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4998-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5128-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3509"
}
],
"related": [
"USN-4998-1",
"USN-5128-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2021-3509"
]
}
ubuntu-cve-2021-3524
Vulnerability from osv_ubuntu
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. In addition, the prior bug fix for CVE-2020-10753 did not account for the use of \r as a header separator, thus a new flaw has been created.
{
"affected": [
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "ceph",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
},
{
"binary_name": "ceph-common",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
},
{
"binary_name": "ceph-fs-common",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
},
{
"binary_name": "ceph-fuse",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
},
{
"binary_name": "ceph-mds",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
},
{
"binary_name": "ceph-resource-agents",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
},
{
"binary_name": "ceph-test",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
},
{
"binary_name": "libcephfs-java",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
},
{
"binary_name": "libcephfs-jni",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
},
{
"binary_name": "libcephfs1",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
},
{
"binary_name": "librados2",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
},
{
"binary_name": "libradosstriper1",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
},
{
"binary_name": "librbd1",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
},
{
"binary_name": "librgw2",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
},
{
"binary_name": "python-ceph",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
},
{
"binary_name": "python-cephfs",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
},
{
"binary_name": "python-rados",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
},
{
"binary_name": "python-rbd",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
},
{
"binary_name": "radosgw",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
},
{
"binary_name": "rbd-fuse",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
},
{
"binary_name": "rbd-mirror",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
},
{
"binary_name": "rbd-nbd",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "ceph",
"purl": "pkg:deb/ubuntu/ceph@10.2.11-0ubuntu0.16.04.3+esm2?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.2.11-0ubuntu0.16.04.3+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.94.3-0ubuntu2",
"0.94.5-0ubuntu1",
"9.2.0-0ubuntu3",
"9.2.0-0ubuntu4",
"9.2.0-0ubuntu5",
"9.2.0-0ubuntu6",
"10.0.2-0ubuntu1",
"10.0.3-0ubuntu1",
"10.0.5-0ubuntu1",
"10.1.0-0ubuntu1",
"10.1.1-0ubuntu1",
"10.1.2-0ubuntu1",
"10.2.0-0ubuntu0.16.04.1",
"10.2.0-0ubuntu0.16.04.2",
"10.2.2-0ubuntu0.16.04.2",
"10.2.3-0ubuntu0.16.04.2",
"10.2.5-0ubuntu0.16.04.1",
"10.2.6-0ubuntu0.16.04.1",
"10.2.7-0ubuntu0.16.04.1",
"10.2.9-0ubuntu0.16.04.1",
"10.2.10-0ubuntu0.16.04.1",
"10.2.11-0ubuntu0.16.04.1",
"10.2.11-0ubuntu0.16.04.2",
"10.2.11-0ubuntu0.16.04.3",
"10.2.11-0ubuntu0.16.04.3+esm1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "ceph",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-base",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-common",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-fuse",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-mds",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-mgr",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-mon",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-osd",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-resource-agents",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-test",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "libcephfs-java",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "libcephfs-jni",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "libcephfs2",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "librados2",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "libradosstriper1",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "librbd1",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "librgw2",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python-ceph",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python-cephfs",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python-rados",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python-rbd",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python-rgw",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python3-ceph-argparse",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python3-cephfs",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python3-rados",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python3-rbd",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python3-rgw",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "radosgw",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "rbd-fuse",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "rbd-mirror",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "rbd-nbd",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "ceph",
"purl": "pkg:deb/ubuntu/ceph@12.2.13-0ubuntu0.18.04.10?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.2.13-0ubuntu0.18.04.10"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"12.2.0-0ubuntu1",
"12.2.1-0ubuntu1",
"12.2.2-0ubuntu1",
"12.2.2-0ubuntu2",
"12.2.4-0ubuntu1",
"12.2.4-0ubuntu1.1",
"12.2.7-0ubuntu0.18.04.1",
"12.2.8-0ubuntu0.18.04.1",
"12.2.8-0ubuntu0.18.04.2",
"12.2.11-0ubuntu0.18.04.1",
"12.2.11-0ubuntu0.18.04.2",
"12.2.12-0ubuntu0.18.04.1",
"12.2.12-0ubuntu0.18.04.2",
"12.2.12-0ubuntu0.18.04.3",
"12.2.12-0ubuntu0.18.04.4",
"12.2.12-0ubuntu0.18.04.5",
"12.2.13-0ubuntu0.18.04.2",
"12.2.13-0ubuntu0.18.04.3",
"12.2.13-0ubuntu0.18.04.4",
"12.2.13-0ubuntu0.18.04.5",
"12.2.13-0ubuntu0.18.04.6",
"12.2.13-0ubuntu0.18.04.7",
"12.2.13-0ubuntu0.18.04.8"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "ceph",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-base",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-common",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-fuse",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-immutable-object-cache",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mds",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-cephadm",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-dashboard",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-diskprediction-cloud",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-diskprediction-local",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-k8sevents",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-modules-core",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-rook",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mon",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-osd",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-resource-agents",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "cephadm",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "cephfs-shell",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libcephfs-java",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libcephfs-jni",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libcephfs2",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "librados2",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libradosstriper1",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "librbd1",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "librgw2",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-ceph",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-ceph-argparse",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-ceph-common",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-cephfs",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-rados",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-rbd",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-rgw",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "radosgw",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "rbd-fuse",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "rbd-mirror",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "rbd-nbd",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "ceph",
"purl": "pkg:deb/ubuntu/ceph@15.2.12-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.2.12-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"14.2.2-0ubuntu3",
"14.2.2-0ubuntu4",
"14.2.4-0ubuntu1",
"14.2.4-0ubuntu2",
"14.2.4-0ubuntu3",
"15.1.0-0ubuntu2",
"15.1.0-0ubuntu3",
"15.1.1-0ubuntu1",
"15.2.0-0ubuntu1",
"15.2.0-0ubuntu2",
"15.2.1-0ubuntu1",
"15.2.1-0ubuntu2",
"15.2.3-0ubuntu0.20.04.1",
"15.2.3-0ubuntu0.20.04.2",
"15.2.5-0ubuntu0.20.04.1",
"15.2.7-0ubuntu0.20.04.1",
"15.2.7-0ubuntu0.20.04.2",
"15.2.8-0ubuntu0.20.04.1",
"15.2.11-0ubuntu0.20.04.2"
]
}
],
"aliases": [],
"details": "A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. In addition, the prior bug fix for CVE-2020-10753 did not account for the use of \\r as a header separator, thus a new flaw has been created.",
"id": "UBUNTU-CVE-2021-3524",
"modified": "2026-04-22T07:39:46Z",
"published": "2021-05-17T17:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-3524"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4998-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5128-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3524"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7706-1"
}
],
"related": [
"USN-4998-1",
"USN-5128-1",
"USN-7706-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2021-3524"
]
}
ubuntu-cve-2021-3531
Vulnerability from osv_ubuntu
A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability.
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "ceph",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-base",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-common",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-fuse",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-mds",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-mgr",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-mon",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-osd",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-resource-agents",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-test",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "libcephfs-java",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "libcephfs-jni",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "libcephfs2",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "librados2",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "libradosstriper1",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "librbd1",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "librgw2",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python-ceph",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python-cephfs",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python-rados",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python-rbd",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python-rgw",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python3-ceph-argparse",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python3-cephfs",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python3-rados",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python3-rbd",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python3-rgw",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "radosgw",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "rbd-fuse",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "rbd-mirror",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "rbd-nbd",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "ceph",
"purl": "pkg:deb/ubuntu/ceph@12.2.13-0ubuntu0.18.04.10?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.2.13-0ubuntu0.18.04.10"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"12.2.0-0ubuntu1",
"12.2.1-0ubuntu1",
"12.2.2-0ubuntu1",
"12.2.2-0ubuntu2",
"12.2.4-0ubuntu1",
"12.2.4-0ubuntu1.1",
"12.2.7-0ubuntu0.18.04.1",
"12.2.8-0ubuntu0.18.04.1",
"12.2.8-0ubuntu0.18.04.2",
"12.2.11-0ubuntu0.18.04.1",
"12.2.11-0ubuntu0.18.04.2",
"12.2.12-0ubuntu0.18.04.1",
"12.2.12-0ubuntu0.18.04.2",
"12.2.12-0ubuntu0.18.04.3",
"12.2.12-0ubuntu0.18.04.4",
"12.2.12-0ubuntu0.18.04.5",
"12.2.13-0ubuntu0.18.04.2",
"12.2.13-0ubuntu0.18.04.3",
"12.2.13-0ubuntu0.18.04.4",
"12.2.13-0ubuntu0.18.04.5",
"12.2.13-0ubuntu0.18.04.6",
"12.2.13-0ubuntu0.18.04.7",
"12.2.13-0ubuntu0.18.04.8"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "ceph",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-base",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-common",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-fuse",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-immutable-object-cache",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mds",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-cephadm",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-dashboard",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-diskprediction-cloud",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-diskprediction-local",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-k8sevents",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-modules-core",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-rook",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mon",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-osd",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-resource-agents",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "cephadm",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "cephfs-shell",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libcephfs-java",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libcephfs-jni",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libcephfs2",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "librados2",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libradosstriper1",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "librbd1",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "librgw2",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-ceph",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-ceph-argparse",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-ceph-common",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-cephfs",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-rados",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-rbd",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-rgw",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "radosgw",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "rbd-fuse",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "rbd-mirror",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "rbd-nbd",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "ceph",
"purl": "pkg:deb/ubuntu/ceph@15.2.12-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.2.12-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"14.2.2-0ubuntu3",
"14.2.2-0ubuntu4",
"14.2.4-0ubuntu1",
"14.2.4-0ubuntu2",
"14.2.4-0ubuntu3",
"15.1.0-0ubuntu2",
"15.1.0-0ubuntu3",
"15.1.1-0ubuntu1",
"15.2.0-0ubuntu1",
"15.2.0-0ubuntu2",
"15.2.1-0ubuntu1",
"15.2.1-0ubuntu2",
"15.2.3-0ubuntu0.20.04.1",
"15.2.3-0ubuntu0.20.04.2",
"15.2.5-0ubuntu0.20.04.1",
"15.2.7-0ubuntu0.20.04.1",
"15.2.7-0ubuntu0.20.04.2",
"15.2.8-0ubuntu0.20.04.1",
"15.2.11-0ubuntu0.20.04.2"
]
}
],
"aliases": [],
"details": "A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability.",
"id": "UBUNTU-CVE-2021-3531",
"modified": "2026-04-22T07:39:46Z",
"published": "2021-05-18T12:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-3531"
},
{
"type": "REPORT",
"url": "https://www.openwall.com/lists/oss-security/2021/05/14/5"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4998-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5128-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3531"
}
],
"related": [
"USN-4998-1",
"USN-5128-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2021-3531"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.