Red Hat · Ceph · CVE-2020-10736
**Name of the Vulnerable Software and Affected Versions**
Ceph versions 15.2.0 through 15.2.1
**Description**
An authorization bypass was found in the ceph-mon and ceph-mgr daemons, which do not properly restrict access. An authenticated client can gain access to resources it is not authorized for, modify the configuration, and possibly conduct further attacks.
**Recommendations**
For versions 15.2.0 through 15.2.1, update to version 15.2.2 or later to resolve the issue.
As a temporary workaround, consider restricting access to the ceph-mon and ceph-mgr daemons to minimize the risk of exploitation.
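
One way to verify the update recommendation above on a running cluster, as an added example that is not part of the advisory or of Ceph's own code: it parses the JSON printed by `ceph versions` and lists ceph-mon and ceph-mgr daemons still in the 15.2.0 through 15.2.1 range, which matters during a rolling upgrade when versions are mixed. The sample output and its build hash are constructed, and the function and constant names are assumptions.

```python
import json
import re

# Affected range and daemons as stated in the advisory (fixed in 15.2.2).
AFFECTED_MIN = (15, 2, 0)
AFFECTED_MAX = (15, 2, 1)
DAEMON_TYPES = ("mon", "mgr")
VERSION_RE = re.compile(r"ceph version (\d+)\.(\d+)\.(\d+)")

def affected_daemons(versions_json):
    """Return sorted (daemon_type, version, count) tuples for mon/mgr
    daemons inside the affected range. A version string that cannot be
    parsed is reported with version None so it gets checked by hand."""
    report = json.loads(versions_json)
    findings = []
    for dtype in DAEMON_TYPES:
        for banner, count in report.get(dtype, {}).items():
            match = VERSION_RE.search(banner)
            if match is None:
                findings.append((dtype, None, count))
                continue
            ver = tuple(int(part) for part in match.groups())
            if AFFECTED_MIN <= ver <= AFFECTED_MAX:
                findings.append((dtype, ".".join(map(str, ver)), count))
    return sorted(findings, key=lambda f: (f[0], f[1] or ""))

# Constructed sample of `ceph versions` output from a cluster that is
# partway through an upgrade; the build hash is a placeholder.
SAMPLE = """
{
  "mon": {
    "ceph version 15.2.1 (0000000000000000) octopus (stable)": 1,
    "ceph version 15.2.2 (0000000000000000) octopus (stable)": 2
  },
  "mgr": {
    "ceph version 15.2.1 (0000000000000000) octopus (stable)": 1,
    "ceph version 15.2.2 (0000000000000000) octopus (stable)": 1
  },
  "osd": {
    "ceph version 15.2.1 (0000000000000000) octopus (stable)": 6
  }
}
"""

if __name__ == "__main__":
    for dtype, ver, count in affected_daemons(SAMPLE):
        print(f"{count} ceph-{dtype} daemon(s) on {ver or 'unknown version'}")
```

On a live cluster, pass the output of `ceph versions` to `affected_daemons` in place of `SAMPLE`; an empty result means no ceph-mon or ceph-mgr daemon reports a version in the affected range.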