Action not permitted
Modal body text goes here.
Modal Title
Modal Body
usn-5128-1
Vulnerability from osv_ubuntu
Goutham Pacha Ravi, Jahson Babel, and John Garbutt discovered that user credentials in Ceph could be manipulated in certain environments. An attacker could use this to gain unintended access to resources. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-27781)
It was discovered that Ceph contained an authentication flaw, leading to key reuse. An attacker could use this to cause a denial of service or possibly impersonate another user. This issue only affected Ubuntu 21.04. (CVE-2021-20288)
Sergey Bobrov discovered that the Ceph dashboard was susceptible to a cross-site scripting attack. An attacker could use this to expose sensitive information or gain unintended access. This issue only affected Ubuntu 21.04. (CVE-2021-3509)
Sergey Bobrov discovered that Ceph's RadosGW (Ceph Object Gateway) allowed the injection of HTTP headers in responses to CORS requests. An attacker could use this to violate system integrity. (CVE-2021-3524)
It was discovered that Ceph's RadosGW (Ceph Object Gateway) did not properly handle GET requests for swift URLs in some situations, leading to an application crash. An attacker could use this to cause a denial of service. (CVE-2021-3531)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2020-27781",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-3524",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-3531",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:18.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "ceph",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-base",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-common",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-fuse",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-mds",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-mgr",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-mon",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-osd",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-resource-agents",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-test",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "libcephfs-java",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "libcephfs-jni",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "libcephfs2",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "librados2",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "libradosstriper1",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "librbd1",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "librgw2",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python-ceph",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python-cephfs",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python-rados",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python-rbd",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python-rgw",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python3-ceph-argparse",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python3-cephfs",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python3-rados",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python3-rbd",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python3-rgw",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "radosgw",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "rbd-fuse",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "rbd-mirror",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "rbd-nbd",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "ceph",
"purl": "pkg:deb/ubuntu/ceph@12.2.13-0ubuntu0.18.04.10?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.2.13-0ubuntu0.18.04.10"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"12.2.0-0ubuntu1",
"12.2.1-0ubuntu1",
"12.2.2-0ubuntu1",
"12.2.2-0ubuntu2",
"12.2.4-0ubuntu1",
"12.2.4-0ubuntu1.1",
"12.2.7-0ubuntu0.18.04.1",
"12.2.8-0ubuntu0.18.04.1",
"12.2.8-0ubuntu0.18.04.2",
"12.2.11-0ubuntu0.18.04.1",
"12.2.11-0ubuntu0.18.04.2",
"12.2.12-0ubuntu0.18.04.1",
"12.2.12-0ubuntu0.18.04.2",
"12.2.12-0ubuntu0.18.04.3",
"12.2.12-0ubuntu0.18.04.4",
"12.2.12-0ubuntu0.18.04.5",
"12.2.13-0ubuntu0.18.04.2",
"12.2.13-0ubuntu0.18.04.3",
"12.2.13-0ubuntu0.18.04.4",
"12.2.13-0ubuntu0.18.04.5",
"12.2.13-0ubuntu0.18.04.6",
"12.2.13-0ubuntu0.18.04.7",
"12.2.13-0ubuntu0.18.04.8"
]
}
],
"aliases": [],
"details": "Goutham Pacha Ravi, Jahson Babel, and John Garbutt discovered that user\ncredentials in Ceph could be manipulated in certain environments. An\nattacker could use this to gain unintended access to resources. This issue\nonly affected Ubuntu 18.04 LTS. (CVE-2020-27781)\n\nIt was discovered that Ceph contained an authentication flaw, leading to\nkey reuse. An attacker could use this to cause a denial of service or\npossibly impersonate another user. This issue only affected Ubuntu 21.04.\n(CVE-2021-20288)\n\nSergey Bobrov discovered that the Ceph dashboard was susceptible to a\ncross-site scripting attack. An attacker could use this to expose sensitive\ninformation or gain unintended access. This issue only affected Ubuntu\n21.04. (CVE-2021-3509)\n\nSergey Bobrov discovered that Ceph\u0027s RadosGW (Ceph Object Gateway) allowed\nthe injection of HTTP headers in responses to CORS requests. An attacker\ncould use this to violate system integrity. (CVE-2021-3524)\n\nIt was discovered that Ceph\u0027s RadosGW (Ceph Object Gateway) did not\nproperly handle GET requests for swift URLs in some situations, leading to\nan application crash. An attacker could use this to cause a denial of\nservice. (CVE-2021-3531)\n",
"id": "USN-5128-1",
"modified": "2026-04-22T07:37:00Z",
"published": "2021-11-01T22:40:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5128-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-27781"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-3509"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-3524"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-3531"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-20288"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "ceph vulnerabilities",
"upstream": [
"UBUNTU-CVE-2020-27781",
"UBUNTU-CVE-2021-3509",
"UBUNTU-CVE-2021-3524",
"UBUNTU-CVE-2021-3531",
"UBUNTU-CVE-2021-20288"
]
}
ubuntu-cve-2020-27781
Vulnerability from osv_ubuntu
User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack project can view the access key. This enables the attacker to target any resource that the user has access to. This can be done to even "admin" users, compromising the ceph administrator. This flaw affects Ceph versions prior to 14.2.16, 15.x prior to 15.2.8, and 16.x prior to 16.2.0.
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ceph",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "ceph-common",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "ceph-fs-common",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "ceph-fuse",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "ceph-mds",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "ceph-resource-agents",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "ceph-test",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "libcephfs-java",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "libcephfs-jni",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "libcephfs1",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "librados2",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "libradosstriper1",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "librbd1",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "librgw2",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "python-ceph",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "python-cephfs",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "python-rados",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "python-rbd",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "radosgw",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "rbd-fuse",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "rbd-mirror",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "rbd-nbd",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "ceph",
"purl": "pkg:deb/ubuntu/ceph@10.2.11-0ubuntu0.16.04.3+esm3?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.94.3-0ubuntu2",
"0.94.5-0ubuntu1",
"9.2.0-0ubuntu3",
"9.2.0-0ubuntu4",
"9.2.0-0ubuntu5",
"9.2.0-0ubuntu6",
"10.0.2-0ubuntu1",
"10.0.3-0ubuntu1",
"10.0.5-0ubuntu1",
"10.1.0-0ubuntu1",
"10.1.1-0ubuntu1",
"10.1.2-0ubuntu1",
"10.2.0-0ubuntu0.16.04.1",
"10.2.0-0ubuntu0.16.04.2",
"10.2.2-0ubuntu0.16.04.2",
"10.2.3-0ubuntu0.16.04.2",
"10.2.5-0ubuntu0.16.04.1",
"10.2.6-0ubuntu0.16.04.1",
"10.2.7-0ubuntu0.16.04.1",
"10.2.9-0ubuntu0.16.04.1",
"10.2.10-0ubuntu0.16.04.1",
"10.2.11-0ubuntu0.16.04.1",
"10.2.11-0ubuntu0.16.04.2",
"10.2.11-0ubuntu0.16.04.3",
"10.2.11-0ubuntu0.16.04.3+esm1",
"10.2.11-0ubuntu0.16.04.3+esm2",
"10.2.11-0ubuntu0.16.04.3+esm3"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "ceph",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-base",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-common",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-fuse",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-mds",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-mgr",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-mon",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-osd",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-resource-agents",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-test",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "libcephfs-java",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "libcephfs-jni",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "libcephfs2",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "librados2",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "libradosstriper1",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "librbd1",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "librgw2",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python-ceph",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python-cephfs",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python-rados",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python-rbd",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python-rgw",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python3-ceph-argparse",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python3-cephfs",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python3-rados",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python3-rbd",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python3-rgw",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "radosgw",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "rbd-fuse",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "rbd-mirror",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "rbd-nbd",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "ceph",
"purl": "pkg:deb/ubuntu/ceph@12.2.13-0ubuntu0.18.04.10?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.2.13-0ubuntu0.18.04.10"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"12.2.0-0ubuntu1",
"12.2.1-0ubuntu1",
"12.2.2-0ubuntu1",
"12.2.2-0ubuntu2",
"12.2.4-0ubuntu1",
"12.2.4-0ubuntu1.1",
"12.2.7-0ubuntu0.18.04.1",
"12.2.8-0ubuntu0.18.04.1",
"12.2.8-0ubuntu0.18.04.2",
"12.2.11-0ubuntu0.18.04.1",
"12.2.11-0ubuntu0.18.04.2",
"12.2.12-0ubuntu0.18.04.1",
"12.2.12-0ubuntu0.18.04.2",
"12.2.12-0ubuntu0.18.04.3",
"12.2.12-0ubuntu0.18.04.4",
"12.2.12-0ubuntu0.18.04.5",
"12.2.13-0ubuntu0.18.04.2",
"12.2.13-0ubuntu0.18.04.3",
"12.2.13-0ubuntu0.18.04.4",
"12.2.13-0ubuntu0.18.04.5",
"12.2.13-0ubuntu0.18.04.6",
"12.2.13-0ubuntu0.18.04.7",
"12.2.13-0ubuntu0.18.04.8"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "ceph",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-base",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-common",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-fuse",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-immutable-object-cache",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mds",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-cephadm",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-dashboard",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-diskprediction-cloud",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-diskprediction-local",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-k8sevents",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-modules-core",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-rook",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mon",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-osd",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-resource-agents",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "cephadm",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "cephfs-shell",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libcephfs-java",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libcephfs-jni",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libcephfs2",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "librados2",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libradosstriper1",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "librbd1",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "librgw2",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-ceph",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-ceph-argparse",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-ceph-common",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-cephfs",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-rados",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-rbd",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-rgw",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "radosgw",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "rbd-fuse",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "rbd-mirror",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "rbd-nbd",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "ceph",
"purl": "pkg:deb/ubuntu/ceph@15.2.12-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.2.12-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"14.2.2-0ubuntu3",
"14.2.2-0ubuntu4",
"14.2.4-0ubuntu1",
"14.2.4-0ubuntu2",
"14.2.4-0ubuntu3",
"15.1.0-0ubuntu2",
"15.1.0-0ubuntu3",
"15.1.1-0ubuntu1",
"15.2.0-0ubuntu1",
"15.2.0-0ubuntu2",
"15.2.1-0ubuntu1",
"15.2.1-0ubuntu2",
"15.2.3-0ubuntu0.20.04.1",
"15.2.3-0ubuntu0.20.04.2",
"15.2.5-0ubuntu0.20.04.1",
"15.2.7-0ubuntu0.20.04.1",
"15.2.7-0ubuntu0.20.04.2",
"15.2.8-0ubuntu0.20.04.1",
"15.2.11-0ubuntu0.20.04.2"
]
}
],
"aliases": [],
"details": "User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack project can view the access key. This enables the attacker to target any resource that the user has access to. This can be done to even \"admin\" users, compromising the ceph administrator. This flaw affects Ceph versions prior to 14.2.16, 15.x prior to 15.2.8, and 16.x prior to 16.2.0.",
"id": "UBUNTU-CVE-2020-27781",
"modified": "2026-04-22T07:39:36Z",
"published": "2020-12-18T21:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-27781"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4998-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5128-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27781"
}
],
"related": [
"USN-4998-1",
"USN-5128-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2020-27781"
]
}
ubuntu-cve-2021-20288
Vulnerability from osv_ubuntu
An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
| URL | Type | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ceph",
"binary_version": "0.80.11-0ubuntu1.14.04.4+esm4"
},
{
"binary_name": "ceph-common",
"binary_version": "0.80.11-0ubuntu1.14.04.4+esm4"
},
{
"binary_name": "ceph-fs-common",
"binary_version": "0.80.11-0ubuntu1.14.04.4+esm4"
},
{
"binary_name": "ceph-fuse",
"binary_version": "0.80.11-0ubuntu1.14.04.4+esm4"
},
{
"binary_name": "ceph-mds",
"binary_version": "0.80.11-0ubuntu1.14.04.4+esm4"
},
{
"binary_name": "ceph-resource-agents",
"binary_version": "0.80.11-0ubuntu1.14.04.4+esm4"
},
{
"binary_name": "ceph-test",
"binary_version": "0.80.11-0ubuntu1.14.04.4+esm4"
},
{
"binary_name": "libcephfs-java",
"binary_version": "0.80.11-0ubuntu1.14.04.4+esm4"
},
{
"binary_name": "libcephfs-jni",
"binary_version": "0.80.11-0ubuntu1.14.04.4+esm4"
},
{
"binary_name": "libcephfs1",
"binary_version": "0.80.11-0ubuntu1.14.04.4+esm4"
},
{
"binary_name": "librados2",
"binary_version": "0.80.11-0ubuntu1.14.04.4+esm4"
},
{
"binary_name": "librbd1",
"binary_version": "0.80.11-0ubuntu1.14.04.4+esm4"
},
{
"binary_name": "python-ceph",
"binary_version": "0.80.11-0ubuntu1.14.04.4+esm4"
},
{
"binary_name": "radosgw",
"binary_version": "0.80.11-0ubuntu1.14.04.4+esm4"
},
{
"binary_name": "rbd-fuse",
"binary_version": "0.80.11-0ubuntu1.14.04.4+esm4"
},
{
"binary_name": "rest-bench",
"binary_version": "0.80.11-0ubuntu1.14.04.4+esm4"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "ceph",
"purl": "pkg:deb/ubuntu/ceph@0.80.11-0ubuntu1.14.04.4+esm4?arch=source\u0026distro=esm-infra-legacy/trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.67.4-0ubuntu2",
"0.67.4-0ubuntu3",
"0.72-0ubuntu1",
"0.72.1-0ubuntu1",
"0.72.1-2",
"0.72.1-3",
"0.72.2-1",
"0.72.2-2",
"0.78-0ubuntu1",
"0.79-0ubuntu1",
"0.80.1-0ubuntu1",
"0.80.1-0ubuntu1.1",
"0.80.5-0ubuntu0.14.04.1",
"0.80.7-0ubuntu0.14.04.1",
"0.80.9-0ubuntu0.14.04.1",
"0.80.9-0ubuntu0.14.04.2",
"0.80.10-0ubuntu0.14.04.1",
"0.80.10-0ubuntu1.14.04.2",
"0.80.10-0ubuntu1.14.04.3",
"0.80.11-0ubuntu1.14.04.1",
"0.80.11-0ubuntu1.14.04.2",
"0.80.11-0ubuntu1.14.04.3",
"0.80.11-0ubuntu1.14.04.4",
"0.80.11-0ubuntu1.14.04.4+esm2",
"0.80.11-0ubuntu1.14.04.4+esm3",
"0.80.11-0ubuntu1.14.04.4+esm4"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ceph",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "ceph-common",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "ceph-fs-common",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "ceph-fuse",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "ceph-mds",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "ceph-resource-agents",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "ceph-test",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "libcephfs-java",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "libcephfs-jni",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "libcephfs1",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "librados2",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "libradosstriper1",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "librbd1",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "librgw2",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "python-ceph",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "python-cephfs",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "python-rados",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "python-rbd",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "radosgw",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "rbd-fuse",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "rbd-mirror",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
},
{
"binary_name": "rbd-nbd",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "ceph",
"purl": "pkg:deb/ubuntu/ceph@10.2.11-0ubuntu0.16.04.3+esm3?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.94.3-0ubuntu2",
"0.94.5-0ubuntu1",
"9.2.0-0ubuntu3",
"9.2.0-0ubuntu4",
"9.2.0-0ubuntu5",
"9.2.0-0ubuntu6",
"10.0.2-0ubuntu1",
"10.0.3-0ubuntu1",
"10.0.5-0ubuntu1",
"10.1.0-0ubuntu1",
"10.1.1-0ubuntu1",
"10.1.2-0ubuntu1",
"10.2.0-0ubuntu0.16.04.1",
"10.2.0-0ubuntu0.16.04.2",
"10.2.2-0ubuntu0.16.04.2",
"10.2.3-0ubuntu0.16.04.2",
"10.2.5-0ubuntu0.16.04.1",
"10.2.6-0ubuntu0.16.04.1",
"10.2.7-0ubuntu0.16.04.1",
"10.2.9-0ubuntu0.16.04.1",
"10.2.10-0ubuntu0.16.04.1",
"10.2.11-0ubuntu0.16.04.1",
"10.2.11-0ubuntu0.16.04.2",
"10.2.11-0ubuntu0.16.04.3",
"10.2.11-0ubuntu0.16.04.3+esm1",
"10.2.11-0ubuntu0.16.04.3+esm2",
"10.2.11-0ubuntu0.16.04.3+esm3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "ceph",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "ceph-base",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "ceph-common",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "ceph-fuse",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "ceph-mds",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "ceph-mgr",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "ceph-mon",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "ceph-osd",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "ceph-resource-agents",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "ceph-test",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "libcephfs-java",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "libcephfs-jni",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "libcephfs2",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "librados2",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "libradosstriper1",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "librbd1",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "librgw2",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "python-ceph",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "python-cephfs",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "python-rados",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "python-rbd",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "python-rgw",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "python3-ceph-argparse",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "python3-cephfs",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "python3-rados",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "python3-rbd",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "python3-rgw",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "radosgw",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "rbd-fuse",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "rbd-mirror",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
},
{
"binary_name": "rbd-nbd",
"binary_version": "12.2.13-0ubuntu0.18.04.11+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "ceph",
"purl": "pkg:deb/ubuntu/ceph@12.2.13-0ubuntu0.18.04.11+esm2?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"12.2.0-0ubuntu1",
"12.2.1-0ubuntu1",
"12.2.2-0ubuntu1",
"12.2.2-0ubuntu2",
"12.2.4-0ubuntu1",
"12.2.4-0ubuntu1.1",
"12.2.7-0ubuntu0.18.04.1",
"12.2.8-0ubuntu0.18.04.1",
"12.2.8-0ubuntu0.18.04.2",
"12.2.11-0ubuntu0.18.04.1",
"12.2.11-0ubuntu0.18.04.2",
"12.2.12-0ubuntu0.18.04.1",
"12.2.12-0ubuntu0.18.04.2",
"12.2.12-0ubuntu0.18.04.3",
"12.2.12-0ubuntu0.18.04.4",
"12.2.12-0ubuntu0.18.04.5",
"12.2.13-0ubuntu0.18.04.2",
"12.2.13-0ubuntu0.18.04.3",
"12.2.13-0ubuntu0.18.04.4",
"12.2.13-0ubuntu0.18.04.5",
"12.2.13-0ubuntu0.18.04.6",
"12.2.13-0ubuntu0.18.04.7",
"12.2.13-0ubuntu0.18.04.8",
"12.2.13-0ubuntu0.18.04.10",
"12.2.13-0ubuntu0.18.04.11",
"12.2.13-0ubuntu0.18.04.11+esm1",
"12.2.13-0ubuntu0.18.04.11+esm2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "ceph",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-base",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-common",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-fuse",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-immutable-object-cache",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mds",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-cephadm",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-dashboard",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-diskprediction-cloud",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-diskprediction-local",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-k8sevents",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-modules-core",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-rook",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mon",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-osd",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-resource-agents",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "cephadm",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "cephfs-shell",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libcephfs-java",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libcephfs-jni",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libcephfs2",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "librados2",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libradosstriper1",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "librbd1",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "librgw2",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-ceph",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-ceph-argparse",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-ceph-common",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-cephfs",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-rados",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-rbd",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-rgw",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "radosgw",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "rbd-fuse",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "rbd-mirror",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "rbd-nbd",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "ceph",
"purl": "pkg:deb/ubuntu/ceph@15.2.12-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.2.12-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"14.2.2-0ubuntu3",
"14.2.2-0ubuntu4",
"14.2.4-0ubuntu1",
"14.2.4-0ubuntu2",
"14.2.4-0ubuntu3",
"15.1.0-0ubuntu2",
"15.1.0-0ubuntu3",
"15.1.1-0ubuntu1",
"15.2.0-0ubuntu1",
"15.2.0-0ubuntu2",
"15.2.1-0ubuntu1",
"15.2.1-0ubuntu2",
"15.2.3-0ubuntu0.20.04.1",
"15.2.3-0ubuntu0.20.04.2",
"15.2.5-0ubuntu0.20.04.1",
"15.2.7-0ubuntu0.20.04.1",
"15.2.7-0ubuntu0.20.04.2",
"15.2.8-0ubuntu0.20.04.1",
"15.2.11-0ubuntu0.20.04.2"
]
}
],
"aliases": [],
"details": "An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn\u0027t sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"id": "UBUNTU-CVE-2021-20288",
"modified": "2026-04-22T07:39:53Z",
"published": "2021-04-15T15:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-20288"
},
{
"type": "REPORT",
"url": "https://www.openwall.com/lists/oss-security/2021/04/14/2"
},
{
"type": "REPORT",
"url": "https://docs.ceph.com/en/latest/security/CVE-2021-20288/#cve-2021-20288"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4998-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5128-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20288"
}
],
"related": [
"USN-4998-1",
"USN-5128-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2021-20288"
]
}
ubuntu-cve-2021-3509
Vulnerability from osv_ubuntu
A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The greatest threat to the system is for confidentiality, integrity, and availability.
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "ceph",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-base",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-common",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-fuse",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-immutable-object-cache",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mds",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-cephadm",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-dashboard",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-diskprediction-cloud",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-diskprediction-local",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-k8sevents",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-modules-core",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-rook",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mon",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-osd",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-resource-agents",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "cephadm",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "cephfs-shell",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libcephfs-java",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libcephfs-jni",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libcephfs2",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "librados2",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libradosstriper1",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "librbd1",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "librgw2",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-ceph",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-ceph-argparse",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-ceph-common",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-cephfs",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-rados",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-rbd",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-rgw",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "radosgw",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "rbd-fuse",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "rbd-mirror",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "rbd-nbd",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "ceph",
"purl": "pkg:deb/ubuntu/ceph@15.2.12-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.2.12-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"14.2.2-0ubuntu3",
"14.2.2-0ubuntu4",
"14.2.4-0ubuntu1",
"14.2.4-0ubuntu2",
"14.2.4-0ubuntu3",
"15.1.0-0ubuntu2",
"15.1.0-0ubuntu3",
"15.1.1-0ubuntu1",
"15.2.0-0ubuntu1",
"15.2.0-0ubuntu2",
"15.2.1-0ubuntu1",
"15.2.1-0ubuntu2",
"15.2.3-0ubuntu0.20.04.1",
"15.2.3-0ubuntu0.20.04.2",
"15.2.5-0ubuntu0.20.04.1",
"15.2.7-0ubuntu0.20.04.1",
"15.2.7-0ubuntu0.20.04.2",
"15.2.8-0ubuntu0.20.04.1",
"15.2.11-0ubuntu0.20.04.2"
]
}
],
"aliases": [],
"details": "A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The greatest threat to the system is for confidentiality, integrity, and availability.",
"id": "UBUNTU-CVE-2021-3509",
"modified": "2026-04-22T07:39:46Z",
"published": "2021-05-27T00:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-3509"
},
{
"type": "REPORT",
"url": "https://www.openwall.com/lists/oss-security/2021/05/14/4"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4998-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5128-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3509"
}
],
"related": [
"USN-4998-1",
"USN-5128-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2021-3509"
]
}
ubuntu-cve-2021-3524
Vulnerability from osv_ubuntu
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. In addition, the prior bug fix for CVE-2020-10753 did not account for the use of \r as a header separator, thus a new flaw has been created.
{
"affected": [
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "ceph",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
},
{
"binary_name": "ceph-common",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
},
{
"binary_name": "ceph-fs-common",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
},
{
"binary_name": "ceph-fuse",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
},
{
"binary_name": "ceph-mds",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
},
{
"binary_name": "ceph-resource-agents",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
},
{
"binary_name": "ceph-test",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
},
{
"binary_name": "libcephfs-java",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
},
{
"binary_name": "libcephfs-jni",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
},
{
"binary_name": "libcephfs1",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
},
{
"binary_name": "librados2",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
},
{
"binary_name": "libradosstriper1",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
},
{
"binary_name": "librbd1",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
},
{
"binary_name": "librgw2",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
},
{
"binary_name": "python-ceph",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
},
{
"binary_name": "python-cephfs",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
},
{
"binary_name": "python-rados",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
},
{
"binary_name": "python-rbd",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
},
{
"binary_name": "radosgw",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
},
{
"binary_name": "rbd-fuse",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
},
{
"binary_name": "rbd-mirror",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
},
{
"binary_name": "rbd-nbd",
"binary_version": "10.2.11-0ubuntu0.16.04.3+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "ceph",
"purl": "pkg:deb/ubuntu/ceph@10.2.11-0ubuntu0.16.04.3+esm2?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.2.11-0ubuntu0.16.04.3+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.94.3-0ubuntu2",
"0.94.5-0ubuntu1",
"9.2.0-0ubuntu3",
"9.2.0-0ubuntu4",
"9.2.0-0ubuntu5",
"9.2.0-0ubuntu6",
"10.0.2-0ubuntu1",
"10.0.3-0ubuntu1",
"10.0.5-0ubuntu1",
"10.1.0-0ubuntu1",
"10.1.1-0ubuntu1",
"10.1.2-0ubuntu1",
"10.2.0-0ubuntu0.16.04.1",
"10.2.0-0ubuntu0.16.04.2",
"10.2.2-0ubuntu0.16.04.2",
"10.2.3-0ubuntu0.16.04.2",
"10.2.5-0ubuntu0.16.04.1",
"10.2.6-0ubuntu0.16.04.1",
"10.2.7-0ubuntu0.16.04.1",
"10.2.9-0ubuntu0.16.04.1",
"10.2.10-0ubuntu0.16.04.1",
"10.2.11-0ubuntu0.16.04.1",
"10.2.11-0ubuntu0.16.04.2",
"10.2.11-0ubuntu0.16.04.3",
"10.2.11-0ubuntu0.16.04.3+esm1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "ceph",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-base",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-common",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-fuse",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-mds",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-mgr",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-mon",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-osd",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-resource-agents",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-test",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "libcephfs-java",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "libcephfs-jni",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "libcephfs2",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "librados2",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "libradosstriper1",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "librbd1",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "librgw2",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python-ceph",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python-cephfs",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python-rados",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python-rbd",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python-rgw",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python3-ceph-argparse",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python3-cephfs",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python3-rados",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python3-rbd",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python3-rgw",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "radosgw",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "rbd-fuse",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "rbd-mirror",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "rbd-nbd",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "ceph",
"purl": "pkg:deb/ubuntu/ceph@12.2.13-0ubuntu0.18.04.10?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.2.13-0ubuntu0.18.04.10"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"12.2.0-0ubuntu1",
"12.2.1-0ubuntu1",
"12.2.2-0ubuntu1",
"12.2.2-0ubuntu2",
"12.2.4-0ubuntu1",
"12.2.4-0ubuntu1.1",
"12.2.7-0ubuntu0.18.04.1",
"12.2.8-0ubuntu0.18.04.1",
"12.2.8-0ubuntu0.18.04.2",
"12.2.11-0ubuntu0.18.04.1",
"12.2.11-0ubuntu0.18.04.2",
"12.2.12-0ubuntu0.18.04.1",
"12.2.12-0ubuntu0.18.04.2",
"12.2.12-0ubuntu0.18.04.3",
"12.2.12-0ubuntu0.18.04.4",
"12.2.12-0ubuntu0.18.04.5",
"12.2.13-0ubuntu0.18.04.2",
"12.2.13-0ubuntu0.18.04.3",
"12.2.13-0ubuntu0.18.04.4",
"12.2.13-0ubuntu0.18.04.5",
"12.2.13-0ubuntu0.18.04.6",
"12.2.13-0ubuntu0.18.04.7",
"12.2.13-0ubuntu0.18.04.8"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "ceph",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-base",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-common",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-fuse",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-immutable-object-cache",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mds",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-cephadm",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-dashboard",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-diskprediction-cloud",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-diskprediction-local",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-k8sevents",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-modules-core",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-rook",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mon",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-osd",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-resource-agents",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "cephadm",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "cephfs-shell",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libcephfs-java",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libcephfs-jni",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libcephfs2",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "librados2",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libradosstriper1",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "librbd1",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "librgw2",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-ceph",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-ceph-argparse",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-ceph-common",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-cephfs",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-rados",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-rbd",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-rgw",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "radosgw",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "rbd-fuse",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "rbd-mirror",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "rbd-nbd",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "ceph",
"purl": "pkg:deb/ubuntu/ceph@15.2.12-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.2.12-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"14.2.2-0ubuntu3",
"14.2.2-0ubuntu4",
"14.2.4-0ubuntu1",
"14.2.4-0ubuntu2",
"14.2.4-0ubuntu3",
"15.1.0-0ubuntu2",
"15.1.0-0ubuntu3",
"15.1.1-0ubuntu1",
"15.2.0-0ubuntu1",
"15.2.0-0ubuntu2",
"15.2.1-0ubuntu1",
"15.2.1-0ubuntu2",
"15.2.3-0ubuntu0.20.04.1",
"15.2.3-0ubuntu0.20.04.2",
"15.2.5-0ubuntu0.20.04.1",
"15.2.7-0ubuntu0.20.04.1",
"15.2.7-0ubuntu0.20.04.2",
"15.2.8-0ubuntu0.20.04.1",
"15.2.11-0ubuntu0.20.04.2"
]
}
],
"aliases": [],
"details": "A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. In addition, the prior bug fix for CVE-2020-10753 did not account for the use of \\r as a header separator, thus a new flaw has been created.",
"id": "UBUNTU-CVE-2021-3524",
"modified": "2026-04-22T07:39:46Z",
"published": "2021-05-17T17:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-3524"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4998-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5128-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3524"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7706-1"
}
],
"related": [
"USN-4998-1",
"USN-5128-1",
"USN-7706-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2021-3524"
]
}
ubuntu-cve-2021-3531
Vulnerability from osv_ubuntu
A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability.
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "ceph",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-base",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-common",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-fuse",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-mds",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-mgr",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-mon",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-osd",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-resource-agents",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "ceph-test",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "libcephfs-java",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "libcephfs-jni",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "libcephfs2",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "librados2",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "libradosstriper1",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "librbd1",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "librgw2",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python-ceph",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python-cephfs",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python-rados",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python-rbd",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python-rgw",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python3-ceph-argparse",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python3-cephfs",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python3-rados",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python3-rbd",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "python3-rgw",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "radosgw",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "rbd-fuse",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "rbd-mirror",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
},
{
"binary_name": "rbd-nbd",
"binary_version": "12.2.13-0ubuntu0.18.04.10"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "ceph",
"purl": "pkg:deb/ubuntu/ceph@12.2.13-0ubuntu0.18.04.10?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.2.13-0ubuntu0.18.04.10"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"12.2.0-0ubuntu1",
"12.2.1-0ubuntu1",
"12.2.2-0ubuntu1",
"12.2.2-0ubuntu2",
"12.2.4-0ubuntu1",
"12.2.4-0ubuntu1.1",
"12.2.7-0ubuntu0.18.04.1",
"12.2.8-0ubuntu0.18.04.1",
"12.2.8-0ubuntu0.18.04.2",
"12.2.11-0ubuntu0.18.04.1",
"12.2.11-0ubuntu0.18.04.2",
"12.2.12-0ubuntu0.18.04.1",
"12.2.12-0ubuntu0.18.04.2",
"12.2.12-0ubuntu0.18.04.3",
"12.2.12-0ubuntu0.18.04.4",
"12.2.12-0ubuntu0.18.04.5",
"12.2.13-0ubuntu0.18.04.2",
"12.2.13-0ubuntu0.18.04.3",
"12.2.13-0ubuntu0.18.04.4",
"12.2.13-0ubuntu0.18.04.5",
"12.2.13-0ubuntu0.18.04.6",
"12.2.13-0ubuntu0.18.04.7",
"12.2.13-0ubuntu0.18.04.8"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "ceph",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-base",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-common",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-fuse",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-immutable-object-cache",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mds",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-cephadm",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-dashboard",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-diskprediction-cloud",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-diskprediction-local",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-k8sevents",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-modules-core",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mgr-rook",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-mon",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-osd",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "ceph-resource-agents",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "cephadm",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "cephfs-shell",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libcephfs-java",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libcephfs-jni",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libcephfs2",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "librados2",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "libradosstriper1",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "librbd1",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "librgw2",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-ceph",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-ceph-argparse",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-ceph-common",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-cephfs",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-rados",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-rbd",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "python3-rgw",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "radosgw",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "rbd-fuse",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "rbd-mirror",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
},
{
"binary_name": "rbd-nbd",
"binary_version": "15.2.12-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "ceph",
"purl": "pkg:deb/ubuntu/ceph@15.2.12-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.2.12-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"14.2.2-0ubuntu3",
"14.2.2-0ubuntu4",
"14.2.4-0ubuntu1",
"14.2.4-0ubuntu2",
"14.2.4-0ubuntu3",
"15.1.0-0ubuntu2",
"15.1.0-0ubuntu3",
"15.1.1-0ubuntu1",
"15.2.0-0ubuntu1",
"15.2.0-0ubuntu2",
"15.2.1-0ubuntu1",
"15.2.1-0ubuntu2",
"15.2.3-0ubuntu0.20.04.1",
"15.2.3-0ubuntu0.20.04.2",
"15.2.5-0ubuntu0.20.04.1",
"15.2.7-0ubuntu0.20.04.1",
"15.2.7-0ubuntu0.20.04.2",
"15.2.8-0ubuntu0.20.04.1",
"15.2.11-0ubuntu0.20.04.2"
]
}
],
"aliases": [],
"details": "A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability.",
"id": "UBUNTU-CVE-2021-3531",
"modified": "2026-04-22T07:39:46Z",
"published": "2021-05-18T12:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-3531"
},
{
"type": "REPORT",
"url": "https://www.openwall.com/lists/oss-security/2021/05/14/5"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4998-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5128-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3531"
}
],
"related": [
"USN-4998-1",
"USN-5128-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2021-3531"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.