CVE-2018-14662

CWE-285 CWE-732 — Incorrect Permission Assignment12 documents8 sources

Severity

5.7MEDIUM

EPSS

0.1%

top 80.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Ceph [unknown] Ceph Canonical Ubuntu Linux +4 more

Timeline

PublishedJan 15

Latest updateAug 20

Description

It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.1 | Impact: 3.6

Affected Packages7 packages

▶NVDredhat/ceph< 13.2.4

▶Debianceph< 12.2.11+dfsg1-1+3

▶Ubuntuceph< 10.2.11-0ubuntu0.16.04.2+2

▶CVEListV5[unknown]/ceph13.2.4

▶NVDredhat/ceph_storage2.0, 3.0+1

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 16.04, 18.10, 19.04

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

OSV

ceph vulnerabilities↗2025-08-20

▶

GHSA

GHSA-w2x2-w9fr-cf6g: It was found Ceph versions before 13↗2022-05-13

▶

OSV

ceph vulnerabilities↗2019-06-25

▶

OSV

CVE-2018-14662: It was found Ceph versions before 13↗2019-01-15

▶

CVEList

CVE-2018-14662: It was found Ceph versions before 13↗2019-01-15

▶

📋Vendor Advisories

Ubuntu

Ceph vulnerabilities↗2025-08-20

▶

Ubuntu

Ceph vulnerabilities↗2019-06-25

▶

Red Hat

ceph: authenticated user with read only permissions can steal dm-crypt / LUKS key↗2019-01-07

▶

Debian

CVE-2018-14662: ceph - It was found Ceph versions before 13.2.4 that authenticated ceph users with read...↗2018

▶

💬Community

Bugzilla

CVE-2018-14662 ceph: authenticated user with read only permissions can steal dm-crypt / LUKS key [fedora-all]↗2019-01-14

▶

Bugzilla

CVE-2018-14662 ceph: authenticated user with read only permissions can steal dm-crypt / LUKS key↗2018-10-09

▶