CVE-2020-10736

Advisory lineage Upstream: 0 Downstream: 2
Modified
Published: 22 Jun 2020, 17:49
Last modified:04 Aug 2024, 11:14

Vulnerability Summary

Overall Risk (default)
medium
32/100
CVSS Score
8 HIGH
v3.1 (cve.org)
EPSS Score
0.1% LOW
0% probability +0.03%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

22 Jun 2020, 17:49
Published
Vulnerability first disclosed
04 Aug 2024, 11:14
Last Modified
Vulnerability information updated

Description

An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks.

CVSS Metrics

  • v3.1HIGHScore: 8CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • v2.0MEDIUMScore: 5.2AV:A/AC:L/Au:S/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 0.10% Percentile: 28%

Techniques & Countermeasures

  • CWE-285Improper Authorization

    The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

Affected Systems

  • linuxfoundationceph

    ≥ 15.2.0, < 15.2.2

  • [unknown]ceph

    15.2.0 before 15.2.2

References (2)