Ceph — Vulnerabilities & Security Advisories 29

This page aggregates common weakness types for the Ceph product, a distributed storage system developed by Red Hat and the open-source community. It collects vulnerability records spanning from the initial public releases of Ceph through the most recent patches and advisories provided by the vendor. Here, users can track a vendor's security advisories, understand a specific weakness class within the context of distributed object and block storage, and look up a product's comprehensive vulnerability history. The data includes various severities and attack vectors relevant to Ceph’s architecture, such as remote code execution, privilege escalation, and information disclosure flaws found in components like RADOS gateway, OSD, or MDS. By centralizing these findings, the page serves as a reference for security professionals assessing the risk profile of Ceph deployments. It highlights how weaknesses have evolved over time and identifies patterns in how the maintainer addresses reported issues. This resource supports due diligence for enterprises relying on Ceph for scalable storage solutions, enabling them to evaluate past incidents and current mitigation strategies without sifting through disparate sources. The information is derived from official vendor notifications, public CVE databases, and third-party security research, ensuring a broad coverage of known issues. Readers can use this aggregation to compare Ceph’s security posture against industry standards or to inform internal patch management schedules.