A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected.
References
Link | Resource |
---|---|
https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc | Patch Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=1593308 | Issue Tracking Patch Third Party Advisory |
http://tracker.ceph.com/issues/24838 | Issue Tracking Vendor Advisory |
https://access.redhat.com/errata/RHSA-2018:2179 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2018:2177 | Third Party Advisory |
http://www.securityfocus.com/bid/104742 | Third Party Advisory VDB Entry |
https://access.redhat.com/errata/RHSA-2018:2274 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2018:2261 | Third Party Advisory |
https://www.debian.org/security/2018/dsa-4339 | Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Information
Published : 2018-07-10 07:29
Updated : 2019-10-09 16:33
NVD link : CVE-2018-10861
Mitre link : CVE-2018-10861
JSON object : View
CWE
CWE-287
Improper Authentication
Products Affected
redhat
- enterprise_linux_desktop
- enterprise_linux_workstation
- ceph_storage_osd
- ceph_storage_mon
- ceph_storage
- enterprise_linux_server
ceph
- ceph
opensuse
- leap
debian
- debian_linux