2.7
CVSSv2

CVE-2018-14662

Published: 15/01/2019 Updated: 03/10/2019
CVSS v2 Base Score: 2.7 | Impact Score: 2.9 | Exploitability Score: 5.1
CVSS v3 Base Score: 5.7 | Impact Score: 3.6 | Exploitability Score: 2.1
VMScore: 240
Vector: AV:A/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

It was found Ceph versions prior to 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.

Vulnerability Trend

Vendor Advisories

Synopsis Moderate: Red Hat Ceph Storage 33 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat Ceph Storage 33 on Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate ...
Synopsis Moderate: Red Hat Ceph Storage 33 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat Ceph Storage 33 on Ubuntu 1604Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulne ...
Debian Bug report logs - #921947 CVE-2018-16846 Package: src:ceph; Maintainer for src:ceph is Ceph Maintainers <ceph-maintainers@listscephcom>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Sun, 10 Feb 2019 13:15:02 UTC Severity: important Tags: security, upstream Found in version ceph/12210+dfsg1-1 Fix ...
Debian Bug report logs - #921948 CVE-2018-14662 Package: src:ceph; Maintainer for src:ceph is Ceph Maintainers <ceph-maintainers@listscephcom>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Sun, 10 Feb 2019 13:18:02 UTC Severity: important Tags: security, upstream Found in version ceph/12210+dfsg1-1 Fix ...
Debian Bug report logs - #918969 ceph: CVE-2018-16889: debug logging for v4 auth does not sanitize encryption keys Package: src:ceph; Maintainer for src:ceph is Ceph Maintainers <ceph-maintainers@listscephcom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 11 Jan 2019 08:06:02 UTC Severity: impor ...
Several security issues were fixed in Ceph ...
It was found that authenticated ceph user with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption ...