CVE-2018-14662
15.01.2019, 21:29
It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.Enginsight
| Vendor | Product | Version |
|---|---|---|
| redhat | ceph | 𝑥 < 13.2.4 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| opensuse | leap | 15.0 |
| redhat | ceph_storage | 2.0 |
| redhat | ceph_storage | 3.0 |
| redhat | enterprise_linux_server | 7.0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.10 |
| canonical | ubuntu_linux | 19.04 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ceph |
|
Common Weakness Enumeration
- CWE-285 - Improper AuthorizationThe software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
- CWE-732 - Incorrect Permission Assignment for Critical ResourceThe product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
References