CVE-2015-3010

CVE-2015-3010 affects the toolset ceph-deploy prior to version 1.5.23. Affected component: the file ceph/ceph.client.admin.keyring; its permissions are weakly set to 644, allowing local users to read the file and obtain sensitive information. The vulnerability is limited to local access with the ...

CVE-2015-4053

CVE-2015-4053 affects ceph-deploy prior to 1.5.25, where the admin keyring (/etc/ceph/ceph.client.admin.keyring) is created with world-readable permissions. This allows a local user to read sensitive credentials. Remediation: upgrade ceph-deploy to 1.5.25 or newer (as cited by Red Hat and OSV/GHS...