PT-2015-6052 · Ceph · Ceph-Deploy

Andreas Stieger

Publicado

2015-05-31

Atualizado

2022-05-17

CVE-2015-3010

CVSS v2.0

2.1

Baixa

Vetor

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions ceph-deploy versions prior to 1.5.23

Description The issue allows local users to obtain sensitive information by reading the ceph/ceph.client.admin.keyring file due to weak permissions (644) used by ceph-deploy.

Recommendations For versions prior to 1.5.23, update to version 1.5.23 or later to resolve the issue. As a temporary workaround, consider changing the permissions of the ceph/ceph.client.admin.keyring file to restrict access until a patch is applied.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2015-3010

GHSA-9W4F-3V37-6F75

PYSEC-2015-2

RHSA-2015:1092

SUSE-SU-2015:1102-1

Produtos afetados

Ceph-Deploy

PT-2015-6052 · Ceph · Ceph-Deploy

CVE-2015-3010

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 38