CVE-2020-10736
Severity: 8.0 HIGH (CVSS 3.1), EPSS 0.10%
Description
An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, allowing access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks.
How to fix CVE-2020-10736
To remediate CVE-2020-10736, upgrade the affected package to the fixed version listed below.
- Bitnami/ceph: upgrade to 15.2.2 or later
Is CVE-2020-10736 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Bitnami/ceph: >= 15.2.0, < 15.2.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.0 | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |