CVE-2020-10736

描述

An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks.

受影響套件(1)

• Bitnami/ceph>= 15.2.0, < 15.2.2

CVSS 分數

參考連結(3)

• WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10736
• WEBhttps://ceph.io/releases/v15-2-2-octopus-released/
• WEBhttps://nvd.nist.gov/vuln/detail/CVE-2020-10736