CVE-2020-27781

EPSS 0.07% · P22 Updated Feb 24, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-27781

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack project can view the access key. This enables the attacker to target any resource that the user has access to. This can be done to even "admin" users, compromising the ceph administrator. This flaw affects Ceph versions prior to 14.2.16, 15.x prior to 15.2.8, and 16.x prior to 16.2.0.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

不充分的凭证保护机制

Source: NVD (National Vulnerability Database)

Vulnerability Title

OpenStack 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

OpenStack是美国国家航空航天局（National Aeronautics and Space Administration）和美国Rackspace公司合作研发的一个云平台管理项目。 OpenStack Manila 存在安全漏洞，该漏洞源于DescriptionUser凭据可能会被OpenStack Manila的本地CephFS消费者操纵和窃取，从而导致潜在的特权升级。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	Ceph	Ceph 16.2.0	-

II. Public POCs for CVE-2020-27781

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2020-27781

请登录查看更多情报信息。

Same Patch Batch · n/a · 2020-12-18 · 62 CVEs total

CVE-2020-26174	8.8 HIGH	Tangro Business Workflow 代码问题漏洞
CVE-2020-26175	6.5 MEDIUM	Tangro Business Workflow 授权问题漏洞
CVE-2020-26178	5.3 MEDIUM	Tangro Business Workflow 授权问题漏洞
CVE-2020-26177	4.3 MEDIUM	Tangro Business Workflow 访问控制错误漏洞
CVE-2020-26176	4.3 MEDIUM	Tangro Business Workflow 授权问题漏洞
CVE-2020-26171	4.3 MEDIUM	Tangro Business Workflow 安全漏洞
CVE-2020-26172	4.2 MEDIUM	Tangro Business Workflow 安全漏洞
CVE-2020-26173	3.1 LOW	Tangro Business Workflow 授权问题漏洞
CVE-2020-25610		Mitel Networks MiCollab 访问控制错误漏洞
CVE-2020-35477		MediaWiki 输入验证错误漏洞
CVE-2020-25606		Mitel Networks MiCollab 跨站脚本漏洞
CVE-2020-35480		MediaWiki 信息泄露漏洞
CVE-2020-35479		MediaWiki 跨站脚本漏洞
CVE-2020-35555		LG mobile 安全漏洞
CVE-2020-35554		LG mobile 安全漏洞
CVE-2020-35553		Qualcomm SM8250 安全漏洞
CVE-2020-35552		多款 Samsung 产品默认配置问题漏洞
CVE-2020-35551		多款 Samsung 安全漏洞
CVE-2020-35550		多款 Samsung 产品授权问题漏洞
CVE-2020-35549		多款 Samsung 产品安全漏洞

Showing top 20 of 62 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Ceph

Same vendor: n/a

Same weakness: CWE-522

V. Comments for CVE-2020-27781

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2020-27781

I. Basic Information for CVE-2020-27781

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2020-27781

III. Intelligence Information for CVE-2020-27781

Same Patch Batch · n/a · 2020-12-18 · 62 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2020-27781

Leave a comment