CVE-2018-14662
published 2019-01-15CVE-2018-14662: It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk…
medium5.7CVSS 3.1
AVAACLPRLUINSUCHINAN
It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | ceph | < ceph 12.2.11+dfsg1-1 (bookworm) | ceph 12.2.11+dfsg1-1 (bookworm) |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| opensuse | leap | — | — |
| redhat | ceph | < 13.2.4 | 13.2.4 |
| redhat | ceph | >= 0 < 12.2.11+dfsg1-1 | 12.2.11+dfsg1-1 |
| redhat | ceph | >= 0 < 12.2.11+dfsg1-1 | 12.2.11+dfsg1-1 |
| redhat | ceph | >= 0 < 12.2.11+dfsg1-1 | 12.2.11+dfsg1-1 |
| redhat | ceph | >= 0 < 12.2.11+dfsg1-1 | 12.2.11+dfsg1-1 |
| redhat | ceph | >= 0 < 10.2.11-0ubuntu0.16.04.2 | 10.2.11-0ubuntu0.16.04.2 |
| redhat | ceph | >= 0 < 0.80.11-0ubuntu1.14.04.4+esm3 | 0.80.11-0ubuntu1.14.04.4+esm3 |
| redhat | ceph | >= 0 < 10.2.11-0ubuntu0.16.04.3+esm2 | 10.2.11-0ubuntu0.16.04.3+esm2 |
| redhat | ceph_storage | — | — |
| redhat | ceph_storage | — | — |
| redhat | enterprise_linux_server | — | — |
CVSS provenance
nvdv3.15.7MEDIUMCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
osv5.7MEDIUM