5
CVSSv2

CVE-2018-16889

Published: 28/01/2019 Updated: 03/10/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable.

Vulnerability Trend

Vendor Advisories

Synopsis Moderate: Red Hat Ceph Storage 33 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat Ceph Storage 33 on Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate ...
Synopsis Moderate: Red Hat Ceph Storage 33 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat Ceph Storage 33 on Ubuntu 1604Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulne ...
Debian Bug report logs - #921947 CVE-2018-16846 Package: src:ceph; Maintainer for src:ceph is Ceph Maintainers <ceph-maintainers@listscephcom>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Sun, 10 Feb 2019 13:15:02 UTC Severity: important Tags: security, upstream Found in version ceph/12210+dfsg1-1 Fix ...
Debian Bug report logs - #921948 CVE-2018-14662 Package: src:ceph; Maintainer for src:ceph is Ceph Maintainers <ceph-maintainers@listscephcom>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Sun, 10 Feb 2019 13:18:02 UTC Severity: important Tags: security, upstream Found in version ceph/12210+dfsg1-1 Fix ...
Debian Bug report logs - #918969 ceph: CVE-2018-16889: debug logging for v4 auth does not sanitize encryption keys Package: src:ceph; Maintainer for src:ceph is Ceph Maintainers <ceph-maintainers@listscephcom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 11 Jan 2019 08:06:02 UTC Severity: impor ...
Several security issues were fixed in Ceph ...
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem When the candidate has been publicized, the details for this candidate will be provided ...