PT-2020-12301 · Red Hat+2 · Ceph+2

Josh Durgin

Published

2020-06-22

Updated

2026-03-20

CVE-2020-10736

CVSS v3.1

8.0

High

Vector

AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Ceph versions 15.2.0 through 15.2.1

Description An authorization bypass issue was found in the ceph-mon and ceph-mgr daemons, where they do not properly restrict access. This allows an authenticated client to gain access to unauthorized resources, modify the configuration, and possibly conduct further attacks.

Recommendations For versions 15.2.0 through 15.2.1, update to version 15.2.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the ceph-mon and ceph-mgr daemons to minimize the risk of exploitation.

Fix

Improper Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-285

Related Identifiers

BIT-CEPH-2020-10736

CVE-2020-10736

OPENSUSE-SU-2024:10676-1

USN-4706-1

Affected Products

Ceph

Linuxmint

Ubuntu

PT-2020-12301 · Red Hat+2 · Ceph+2

CVE-2020-10736

Weakness Enumeration

Related Identifiers

Affected Products

References · 14