BIT-ceph-2020-10736

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/ceph/BIT-ceph-2020-10736.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-ceph-2020-10736

Aliases

CVE-2020-10736

Published

2026-03-20T09:05:27.834Z

Modified

2026-03-20T10:00:10.227428Z

Summary

[none]

Details

An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks.

Database specific

{
    "cpes": [
        "cpe:2.3:a:linuxfoundation:ceph:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
}

References

Affected packages

Bitnami / ceph

Package

Name: ceph
Purl: pkg:bitnami/ceph

Severity

8.0 (High) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

15.2.0

Fixed

15.2.2

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/ceph/BIT-ceph-2020-10736.json"