5.7 Medium
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2.7 Low
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:A/AC:L/Au:S/C:P/I:N/A:N
ceph is vulnerable to information disclosure. An authenticated user with read-only permissions can steal dm-crypt
/ LUKS
key.
lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html
access.redhat.com/documentation/en-us/red_hat_ceph_storage/3.3/html/release_notes/index
access.redhat.com/errata/RHSA-2019:2538
access.redhat.com/errata/RHSA-2019:2541
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1337915
bugzilla.redhat.com/show_bug.cgi?id=1572933
bugzilla.redhat.com/show_bug.cgi?id=1599852
bugzilla.redhat.com/show_bug.cgi?id=1627567
bugzilla.redhat.com/show_bug.cgi?id=1628309
bugzilla.redhat.com/show_bug.cgi?id=1628311
bugzilla.redhat.com/show_bug.cgi?id=1631010
bugzilla.redhat.com/show_bug.cgi?id=1636136
bugzilla.redhat.com/show_bug.cgi?id=1639712
bugzilla.redhat.com/show_bug.cgi?id=1644321
bugzilla.redhat.com/show_bug.cgi?id=1644610
bugzilla.redhat.com/show_bug.cgi?id=1644847
bugzilla.redhat.com/show_bug.cgi?id=1651054
bugzilla.redhat.com/show_bug.cgi?id=1656908
bugzilla.redhat.com/show_bug.cgi?id=1659611
bugzilla.redhat.com/show_bug.cgi?id=1661504
bugzilla.redhat.com/show_bug.cgi?id=1666822
bugzilla.redhat.com/show_bug.cgi?id=1668478
bugzilla.redhat.com/show_bug.cgi?id=1668896
bugzilla.redhat.com/show_bug.cgi?id=1668897
bugzilla.redhat.com/show_bug.cgi?id=1669838
bugzilla.redhat.com/show_bug.cgi?id=1670527
bugzilla.redhat.com/show_bug.cgi?id=1670785
bugzilla.redhat.com/show_bug.cgi?id=1677269
bugzilla.redhat.com/show_bug.cgi?id=1680144
bugzilla.redhat.com/show_bug.cgi?id=1680155
bugzilla.redhat.com/show_bug.cgi?id=1685253
bugzilla.redhat.com/show_bug.cgi?id=1685734
bugzilla.redhat.com/show_bug.cgi?id=1686306
bugzilla.redhat.com/show_bug.cgi?id=1695850
bugzilla.redhat.com/show_bug.cgi?id=1696227
bugzilla.redhat.com/show_bug.cgi?id=1696691
bugzilla.redhat.com/show_bug.cgi?id=1696880
bugzilla.redhat.com/show_bug.cgi?id=1700896
bugzilla.redhat.com/show_bug.cgi?id=1701029
bugzilla.redhat.com/show_bug.cgi?id=1702091
bugzilla.redhat.com/show_bug.cgi?id=1702092
bugzilla.redhat.com/show_bug.cgi?id=1702093
bugzilla.redhat.com/show_bug.cgi?id=1702097
bugzilla.redhat.com/show_bug.cgi?id=1702099
bugzilla.redhat.com/show_bug.cgi?id=1702100
bugzilla.redhat.com/show_bug.cgi?id=1702285
bugzilla.redhat.com/show_bug.cgi?id=1702732
bugzilla.redhat.com/show_bug.cgi?id=1703557
bugzilla.redhat.com/show_bug.cgi?id=1704948
bugzilla.redhat.com/show_bug.cgi?id=1705258
bugzilla.redhat.com/show_bug.cgi?id=1705922
bugzilla.redhat.com/show_bug.cgi?id=1708346
bugzilla.redhat.com/show_bug.cgi?id=1708650
bugzilla.redhat.com/show_bug.cgi?id=1708798
bugzilla.redhat.com/show_bug.cgi?id=1709765
bugzilla.redhat.com/show_bug.cgi?id=1710855
bugzilla.redhat.com/show_bug.cgi?id=1713779
bugzilla.redhat.com/show_bug.cgi?id=1714810
bugzilla.redhat.com/show_bug.cgi?id=1714814
bugzilla.redhat.com/show_bug.cgi?id=1715577
bugzilla.redhat.com/show_bug.cgi?id=1715946
bugzilla.redhat.com/show_bug.cgi?id=1717135
bugzilla.redhat.com/show_bug.cgi?id=1718135
bugzilla.redhat.com/show_bug.cgi?id=1718328
bugzilla.redhat.com/show_bug.cgi?id=1719023
bugzilla.redhat.com/show_bug.cgi?id=1720205
bugzilla.redhat.com/show_bug.cgi?id=1720741
bugzilla.redhat.com/show_bug.cgi?id=1721165
bugzilla.redhat.com/show_bug.cgi?id=1722663
bugzilla.redhat.com/show_bug.cgi?id=1722664
bugzilla.redhat.com/show_bug.cgi?id=1725521
bugzilla.redhat.com/show_bug.cgi?id=1725536
bugzilla.redhat.com/show_bug.cgi?id=1732142
bugzilla.redhat.com/show_bug.cgi?id=1732706
bugzilla.redhat.com/show_bug.cgi?id=1734550
bugzilla.redhat.com/show_bug.cgi?id=1739209
bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14662
ceph.com/releases/13-2-4-mimic-released
lists.debian.org/debian-lts-announce/2019/03/msg00002.html
lists.debian.org/debian-lts-announce/2021/08/msg00013.html
usn.ubuntu.com/4035-1/
5.7 Medium
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2.7 Low
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:A/AC:L/Au:S/C:P/I:N/A:N