Lucene search

K
ubuntucveUbuntu.comUB:CVE-2018-14662
HistoryJan 15, 2019 - 12:00 a.m.

CVE-2018-14662

2019-01-1500:00:00
ubuntu.com
ubuntu.com
15
ceph
version
theft
encryption keys
authenticated users

CVSS2

2.7

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:S/C:P/I:N/A:N

CVSS3

5.7

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

26.5%

It was found Ceph versions before 13.2.4 that authenticated ceph users with
read only permissions could steal dm-crypt encryption keys used in ceph
disk encryption.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchceph< 12.2.11-0ubuntu0.18.04.1UNKNOWN
ubuntu14.04noarchceph< anyUNKNOWN
ubuntu16.04noarchceph< 10.2.11-0ubuntu0.16.04.2UNKNOWN

CVSS2

2.7

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:S/C:P/I:N/A:N

CVSS3

5.7

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

26.5%