CVE-2020-10736

HIGH

Ceph <15.2.2 - Auth Bypass

Description

An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2: the ceph-mon and ceph-mgr daemons do not properly restrict access, so a client can gain access to resources it is not authorized for. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks.

Scores

CVSS v3 8.0
EPSS 0.0007
EPSS Percentile 20.7%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE CWE-285
Status published

Affected Products (1)

linuxfoundation/ceph < 15.2.2

Timeline

Published Jun 22, 2020
Tracked Since Feb 18, 2026