PT-2018-10149 · Red Hat+2 · Ceph+2

Published

2018-07-10

Updated

2019-10-09

CVE-2018-10861

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions Ceph versions master, mimic, luminous, and jewel

Description A flaw was found in the way Ceph handles user requests, allowing any authenticated Ceph user with read access to delete, create Ceph storage pools, and corrupt snapshot images.

Recommendations For versions master, mimic, luminous, and jewel, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authorization

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-285CWE-287

Related Identifiers

ALT-PU-2018-2306

ALT-PU-2018-2576

CVE-2018-10861

DSA-4339-1

DSA-4339-2

OPENSUSE-SU-2018_2283-1

OPENSUSE-SU-2019:1284-1

OPENSUSE-SU-2019_1284-1

OPENSUSE-SU-2024:10676-1

RHSA-2018:2177

RHSA-2018:2261

SUSE-SU-2018:1920-1

SUSE-SU-2018:2193-1

SUSE-SU-2018:2299-1

SUSE-SU-2018:2478-1

SUSE-SU-2018_2478-1

SUSE-SU-2019:0586-1

SUSE-SU-2019_0586-1

Affected Products

Alt Linux

Ceph

Suse

PT-2018-10149 · Red Hat+2 · Ceph+2

CVE-2018-10861

Weakness Enumeration

Related Identifiers

Affected Products

References · 51