An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "python3-rgw-dbgsym": "15.2.7-0ubuntu0.20.04.2", "python3-ceph-argparse": "15.2.7-0ubuntu0.20.04.2", "ceph-mds": "15.2.7-0ubuntu0.20.04.2", "rbd-fuse-dbgsym": "15.2.7-0ubuntu0.20.04.2", "rbd-mirror-dbgsym": "15.2.7-0ubuntu0.20.04.2", "libradospp-dev": "15.2.7-0ubuntu0.20.04.2", "libradosstriper1-dbgsym": "15.2.7-0ubuntu0.20.04.2", "rbd-nbd": "15.2.7-0ubuntu0.20.04.2", "python3-rgw": "15.2.7-0ubuntu0.20.04.2", "ceph-mds-dbgsym": "15.2.7-0ubuntu0.20.04.2", "rados-objclass-dev": "15.2.7-0ubuntu0.20.04.2", "ceph-immutable-object-cache": "15.2.7-0ubuntu0.20.04.2", "ceph-fuse-dbgsym": "15.2.7-0ubuntu0.20.04.2", "rbd-nbd-dbgsym": "15.2.7-0ubuntu0.20.04.2", "ceph-resource-agents": "15.2.7-0ubuntu0.20.04.2", "ceph-mgr": "15.2.7-0ubuntu0.20.04.2", "ceph-mgr-modules-core": "15.2.7-0ubuntu0.20.04.2", "librbd1-dbgsym": "15.2.7-0ubuntu0.20.04.2", "python3-cephfs-dbgsym": "15.2.7-0ubuntu0.20.04.2", "ceph-common": "15.2.7-0ubuntu0.20.04.2", "python3-rbd-dbgsym": "15.2.7-0ubuntu0.20.04.2", "libcephfs2": "15.2.7-0ubuntu0.20.04.2", "ceph-immutable-object-cache-dbgsym": "15.2.7-0ubuntu0.20.04.2", "ceph-mgr-diskprediction-local": "15.2.7-0ubuntu0.20.04.2", "rbd-fuse": "15.2.7-0ubuntu0.20.04.2", "libcephfs-java": "15.2.7-0ubuntu0.20.04.2", "ceph-common-dbgsym": "15.2.7-0ubuntu0.20.04.2", "radosgw": "15.2.7-0ubuntu0.20.04.2", "ceph-mgr-dashboard": "15.2.7-0ubuntu0.20.04.2", "ceph-mgr-k8sevents": "15.2.7-0ubuntu0.20.04.2", "libcephfs-jni": "15.2.7-0ubuntu0.20.04.2", "radosgw-dbgsym": "15.2.7-0ubuntu0.20.04.2", "python3-cephfs": "15.2.7-0ubuntu0.20.04.2", "ceph-osd": "15.2.7-0ubuntu0.20.04.2", "librados-dev": "15.2.7-0ubuntu0.20.04.2", "libradosstriper-dev": "15.2.7-0ubuntu0.20.04.2", "ceph-fuse": "15.2.7-0ubuntu0.20.04.2", "ceph-mgr-dbgsym": "15.2.7-0ubuntu0.20.04.2", "librgw2": "15.2.7-0ubuntu0.20.04.2", "python3-ceph": "15.2.7-0ubuntu0.20.04.2", "librados2": "15.2.7-0ubuntu0.20.04.2", "ceph-mgr-cephadm": "15.2.7-0ubuntu0.20.04.2", "librados-dev-dbgsym": "15.2.7-0ubuntu0.20.04.2", "ceph": "15.2.7-0ubuntu0.20.04.2", "librados2-dbgsym": "15.2.7-0ubuntu0.20.04.2", "ceph-mon": "15.2.7-0ubuntu0.20.04.2", "ceph-mon-dbgsym": "15.2.7-0ubuntu0.20.04.2", "libcephfs2-dbgsym": "15.2.7-0ubuntu0.20.04.2", "librbd-dev": "15.2.7-0ubuntu0.20.04.2", "cephadm": "15.2.7-0ubuntu0.20.04.2", "python3-ceph-common": "15.2.7-0ubuntu0.20.04.2", "rbd-mirror": "15.2.7-0ubuntu0.20.04.2", "ceph-mgr-diskprediction-cloud": "15.2.7-0ubuntu0.20.04.2", "ceph-base-dbgsym": "15.2.7-0ubuntu0.20.04.2", "libcephfs-dev": "15.2.7-0ubuntu0.20.04.2", "ceph-osd-dbgsym": "15.2.7-0ubuntu0.20.04.2", "librbd1": "15.2.7-0ubuntu0.20.04.2", "python3-rados": "15.2.7-0ubuntu0.20.04.2", "python3-rbd": "15.2.7-0ubuntu0.20.04.2", "python3-rados-dbgsym": "15.2.7-0ubuntu0.20.04.2", "cephfs-shell": "15.2.7-0ubuntu0.20.04.2", "libcephfs-jni-dbgsym": "15.2.7-0ubuntu0.20.04.2", "librgw2-dbgsym": "15.2.7-0ubuntu0.20.04.2", "ceph-base": "15.2.7-0ubuntu0.20.04.2", "librgw-dev": "15.2.7-0ubuntu0.20.04.2", "ceph-mgr-rook": "15.2.7-0ubuntu0.20.04.2", "libradosstriper1": "15.2.7-0ubuntu0.20.04.2" } ] }