PT-2015-6052 · Ceph · Ceph-Deploy

Andreas Stieger

Published

2015-05-31

Updated

2022-05-17

CVE-2015-3010

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions ceph-deploy versions prior to 1.5.23

Description The issue allows local users to obtain sensitive information by reading the ceph/ceph.client.admin.keyring file due to weak permissions (644) used by ceph-deploy.

Recommendations For versions prior to 1.5.23, update to version 1.5.23 or later to resolve the issue. As a temporary workaround, consider changing the permissions of the ceph/ceph.client.admin.keyring file to restrict access until a patch is applied.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2015-3010

GHSA-9W4F-3V37-6F75

PYSEC-2015-2

RHSA-2015:1092

SUSE-SU-2015:1102-1

Affected Products

Ceph-Deploy

PT-2015-6052 · Ceph · Ceph-Deploy

CVE-2015-3010

Weakness Enumeration

Related Identifiers

Affected Products

References · 38