CVE-2020-10736
HIGHCeph 15.2.0-15.2.1 - Authenticated Authorization Bypass in ceph-mon and ceph-mgr
Title source: llmDescription
An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks.
References (2)
Core 2
Core References
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10736
Release Notes, Vendor Advisory x_refsource_misc
https://ceph.io/releases/v15-2-2-octopus-released/
Scores
CVSS v3
8.0
EPSS
0.0007
EPSS Percentile
20.9%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-285
Status
published
Products (1)
linuxfoundation/ceph
15.2.0 - 15.2.2
Published
Jun 22, 2020
Tracked Since
Feb 18, 2026