CVE-2018-14662

CVSS v3.1

5.7

Medium

Vector

AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Ceph versions prior to 13.2.4

Description The issue is related to an authorization procedure error in the Ceph storage system. This error can be exploited by a remote attacker to gain unauthorized access to dm-crypt encryption keys used in Ceph disk encryption. Authenticated Ceph users with read-only permissions can steal these encryption keys.

Recommendations For versions prior to 13.2.4, update to version 13.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the encryption keys or limiting the permissions of authenticated Ceph users to prevent potential exploitation.

Fix

Improper Authorization

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-285CWE-732

Related Identifiers

ALT-PU-2019-1312

BDU:2020-01537

CVE-2018-14662

DLA-1696-1

DLA-2735-1

OPENSUSE-SU-2019:1284-1

OPENSUSE-SU-2019_0306-1

OPENSUSE-SU-2019_1284-1

RHSA-2019:2538

SUSE-SU-2019:0499-1

SUSE-SU-2019:0586-1

USN-4035-1

USN-7706-1

Affected Products

Alt Linux

Ceph

Suse

Ubuntu

CVE-2018-14662

Weakness Enumeration

Related Identifiers

Affected Products

References · 79