An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources.
The information has been provided by Olle Segerdahl
The original article can be found at:https://ceph.io/releases/v15-2-2-octopus-released/
This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks.
Ceph versions 15.2.0 before 15.2.2