{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211396?format=json","vulnerability_id":"VCID-5xnu-s2w7-pubj","summary":"An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks.","aliases":[{"alias":"CVE-2020-10736"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/124895?format=json","purl":"pkg:apk/alpine/ceph@15.2.6-r0?arch=aarch64&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ceph@15.2.6-r0%3Farch=aarch64&distroversion=v3.15&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/124896?format=json","purl":"pkg:apk/alpine/ceph@15.2.6-r0?arch=armhf&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ceph@15.2.6-r0%3Farch=armhf&distroversion=v3.15&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/124897?format=json","purl":"pkg:apk/alpine/ceph@15.2.6-r0?arch=armv7&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ceph@15.2.6-r0%3Farch=armv7&distroversion=v3.15&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/124898?format=json","purl":"pkg:apk/alpine/ceph@15.2.6-r0?arch=ppc64le&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ceph@15.2.6-r0%3Farch=ppc64le&distroversion=v3.15&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/124899?format=json","purl":"pkg:apk/alpine/ceph@15.2.6-r0?arch=s390x&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ceph@15.2.6-r0%3Farch=s390x&distroversion=v3.15&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/124900?format=json","purl":"pkg:apk/alpine/ceph@15.2.6-r0?arch=x86&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ceph@15.2.6-r0%3Farch=x86&distroversion=v3.15&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/124901?format=json","purl":"pkg:apk/alpine/ceph@15.2.6-r0?arch=x86_64&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ceph@15.2.6-r0%3Farch=x86_64&distroversion=v3.15&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/248883?format=json","purl":"pkg:apk/alpine/ceph@15.2.6-r0?arch=aarch64&distroversion=v3.14&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ceph@15.2.6-r0%3Farch=aarch64&distroversion=v3.14&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/248884?format=json","purl":"pkg:apk/alpine/ceph@15.2.6-r0?arch=armhf&distroversion=v3.14&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ceph@15.2.6-r0%3Farch=armhf&distroversion=v3.14&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/248885?format=json","purl":"pkg:apk/alpine/ceph@15.2.6-r0?arch=armv7&distroversion=v3.14&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ceph@15.2.6-r0%3Farch=armv7&distroversion=v3.14&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/248886?format=json","purl":"pkg:apk/alpine/ceph@15.2.6-r0?arch=ppc64le&distroversion=v3.14&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ceph@15.2.6-r0%3Farch=ppc64le&distroversion=v3.14&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/248887?format=json","purl":"pkg:apk/alpine/ceph@15.2.6-r0?arch=s390x&distroversion=v3.14&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ceph@15.2.6-r0%3Farch=s390x&distroversion=v3.14&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/248888?format=json","purl":"pkg:apk/alpine/ceph@15.2.6-r0?arch=x86&distroversion=v3.14&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ceph@15.2.6-r0%3Farch=x86&distroversion=v3.14&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/248889?format=json","purl":"pkg:apk/alpine/ceph@15.2.6-r0?arch=x86_64&distroversion=v3.14&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ceph@15.2.6-r0%3Farch=x86_64&distroversion=v3.14&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/249663?format=json","purl":"pkg:apk/alpine/ceph@15.2.6-r0?arch=aarch64&distroversion=v3.13&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ceph@15.2.6-r0%3Farch=aarch64&distroversion=v3.13&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/249664?format=json","purl":"pkg:apk/alpine/ceph@15.2.6-r0?arch=armhf&distroversion=v3.13&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ceph@15.2.6-r0%3Farch=armhf&distroversion=v3.13&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/249665?format=json","purl":"pkg:apk/alpine/ceph@15.2.6-r0?arch=armv7&distroversion=v3.13&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ceph@15.2.6-r0%3Farch=armv7&distroversion=v3.13&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/249666?format=json","purl":"pkg:apk/alpine/ceph@15.2.6-r0?arch=mips64&distroversion=v3.13&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ceph@15.2.6-r0%3Farch=mips64&distroversion=v3.13&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/249667?format=json","purl":"pkg:apk/alpine/ceph@15.2.6-r0?arch=ppc64le&distroversion=v3.13&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ceph@15.2.6-r0%3Farch=ppc64le&distroversion=v3.13&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/249668?format=json","purl":"pkg:apk/alpine/ceph@15.2.6-r0?arch=s390x&distroversion=v3.13&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ceph@15.2.6-r0%3Farch=s390x&distroversion=v3.13&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/249669?format=json","purl":"pkg:apk/alpine/ceph@15.2.6-r0?arch=x86&distroversion=v3.13&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ceph@15.2.6-r0%3Farch=x86&distroversion=v3.13&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/249670?format=json","purl":"pkg:apk/alpine/ceph@15.2.6-r0?arch=x86_64&distroversion=v3.13&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ceph@15.2.6-r0%3Farch=x86_64&distroversion=v3.13&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/299859?format=json","purl":"pkg:apk/alpine/ceph@15.2.6-r0?arch=aarch64&distroversion=v3.16&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ceph@15.2.6-r0%3Farch=aarch64&distroversion=v3.16&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/299860?format=json","purl":"pkg:apk/alpine/ceph@15.2.6-r0?arch=armhf&distroversion=v3.16&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ceph@15.2.6-r0%3Farch=armhf&distroversion=v3.16&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/299861?format=json","purl":"pkg:apk/alpine/ceph@15.2.6-r0?arch=armv7&distroversion=v3.16&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ceph@15.2.6-r0%3Farch=armv7&distroversion=v3.16&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/299862?format=json","purl":"pkg:apk/alpine/ceph@15.2.6-r0?arch=ppc64le&distroversion=v3.16&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ceph@15.2.6-r0%3Farch=ppc64le&distroversion=v3.16&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/299863?format=json","purl":"pkg:apk/alpine/ceph@15.2.6-r0?arch=s390x&distroversion=v3.16&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ceph@15.2.6-r0%3Farch=s390x&distroversion=v3.16&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/299864?format=json","purl":"pkg:apk/alpine/ceph@15.2.6-r0?arch=x86&distroversion=v3.16&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ceph@15.2.6-r0%3Farch=x86&distroversion=v3.16&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/299865?format=json","purl":"pkg:apk/alpine/ceph@15.2.6-r0?arch=x86_64&distroversion=v3.16&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ceph@15.2.6-r0%3Farch=x86_64&distroversion=v3.16&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/125345?format=json","purl":"pkg:apk/alpine/ceph16@15.2.6-r0?arch=aarch64&distroversion=v3.17&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ceph16@15.2.6-r0%3Farch=aarch64&distroversion=v3.17&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/125346?format=json","purl":"pkg:apk/alpine/ceph16@15.2.6-r0?arch=armhf&distroversion=v3.17&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ceph16@15.2.6-r0%3Farch=armhf&distroversion=v3.17&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/125347?format=json","purl":"pkg:apk/alpine/ceph16@15.2.6-r0?arch=armv7&distroversion=v3.17&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ceph16@15.2.6-r0%3Farch=armv7&distroversion=v3.17&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/125348?format=json","purl":"pkg:apk/alpine/ceph16@15.2.6-r0?arch=ppc64le&distroversion=v3.17&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ceph16@15.2.6-r0%3Farch=ppc64le&distroversion=v3.17&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/125349?format=json","purl":"pkg:apk/alpine/ceph16@15.2.6-r0?arch=s390x&distroversion=v3.17&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ceph16@15.2.6-r0%3Farch=s390x&distroversion=v3.17&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/125350?format=json","purl":"pkg:apk/alpine/ceph16@15.2.6-r0?arch=x86&distroversion=v3.17&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ceph16@15.2.6-r0%3Farch=x86&distroversion=v3.17&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/125351?format=json","purl":"pkg:apk/alpine/ceph16@15.2.6-r0?arch=x86_64&distroversion=v3.17&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ceph16@15.2.6-r0%3Farch=x86_64&distroversion=v3.17&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/238151?format=json","purl":"pkg:apk/alpine/ceph16@15.2.6-r0?arch=aarch64&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ceph16@15.2.6-r0%3Farch=aarch64&distroversion=v3.18&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/238152?format=json","purl":"pkg:apk/alpine/ceph16@15.2.6-r0?arch=armhf&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ceph16@15.2.6-r0%3Farch=armhf&distroversion=v3.18&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/238153?format=json","purl":"pkg:apk/alpine/ceph16@15.2.6-r0?arch=armv7&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ceph16@15.2.6-r0%3Farch=armv7&distroversion=v3.18&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/238154?format=json","purl":"pkg:apk/alpine/ceph16@15.2.6-r0?arch=ppc64le&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ceph16@15.2.6-r0%3Farch=ppc64le&distroversion=v3.18&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/238155?format=json","purl":"pkg:apk/alpine/ceph16@15.2.6-r0?arch=s390x&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ceph16@15.2.6-r0%3Farch=s390x&distroversion=v3.18&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/238156?format=json","purl":"pkg:apk/alpine/ceph16@15.2.6-r0?arch=x86&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ceph16@15.2.6-r0%3Farch=x86&distroversion=v3.18&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/238157?format=json","purl":"pkg:apk/alpine/ceph16@15.2.6-r0?arch=x86_64&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ceph16@15.2.6-r0%3Farch=x86_64&distroversion=v3.18&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/26871?format=json","purl":"pkg:deb/debian/ceph@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ceph@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/26862?format=json","purl":"pkg:deb/debian/ceph@14.2.21-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ceph@14.2.21-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/26860?format=json","purl":"pkg:deb/debian/ceph@16.2.15%2Bds-0%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ceph@16.2.15%252Bds-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/26864?format=json","purl":"pkg:deb/debian/ceph@18.2.7%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ceph@18.2.7%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/26863?format=json","purl":"pkg:deb/debian/ceph@18.2.8%2Bds-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ceph@18.2.8%252Bds-2.1%3Fdistro=trixie"}],"affected_packages":[],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10736.json","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10736.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10736","reference_id":"","reference_type":"","scores":[{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27486","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27688","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27713","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27699","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10736"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1833025","reference_id":"1833025","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1833025"},{"reference_url":"https://usn.ubuntu.com/4706-1/","reference_id":"USN-4706-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4706-1/"}],"weaknesses":[{"cwe_id":285,"name":"Improper Authorization","description":"The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action."}],"exploits":[],"severity_range_score":"8.0 - 8.0","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5xnu-s2w7-pubj"}