Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS Information
N/A
Vulnerability Type
认证机制不恰当
Vulnerability Title
红帽 Red Hat Ceph 授权问题漏洞
Vulnerability Description
Red Hat Ceph是美国红帽(Red Hat)公司的一套Linux PB级分布式文件系统。该系统的主要目标是设计成基于POSIX(可移植操作系统接口)的没有单点故障的分布式文件系统,使数据能容错和无缝的复制。 ceph 存在授权问题漏洞,该漏洞源于攻击者可利用该漏洞可以利用任何用户请求以前与另一个用户相关联的全局id的能力。
CVSS Information
N/A
Vulnerability Type
N/A