CVE-2020-10736

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-10736
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-10736.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-10736
Related
Published
2020-06-22T18:15:10Z
Modified
2024-10-12T05:32:35.006915Z
Severity
  • 8.0 (High) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks.

References

Affected packages

Git / github.com/ceph/ceph

Affected ranges

Type
GIT
Repo
https://github.com/ceph/ceph
Events

Affected versions

v15.*

v15.2.0
v15.2.1