CyberSec.Space Logo
Back to CVE Browser

CVE-2018-10861

HIGH
8.1
CVSS Severity Score
EPSS Score0.1880%
EPSS Percentile10.91th
PublishedJul 10, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected.

Affected Platforms (CPE)

πŸ“¦
Ceph

Ceph

= 10.2.0
πŸ“¦
Ceph

Ceph

= 10.2.1
πŸ“¦
Ceph

Ceph

= 10.2.2
πŸ“¦
Ceph

Ceph

= 10.2.3
πŸ“¦
Ceph

Ceph

= 10.2.4
πŸ“¦
Ceph

Ceph

= 10.2.5
πŸ“¦
Ceph

Ceph

= 10.2.6
πŸ“¦
Ceph

Ceph

= 10.2.7
πŸ“¦
Ceph

Ceph

= 10.2.8
πŸ“¦
Ceph

Ceph

= 10.2.9
πŸ“¦
Ceph

Ceph

= 10.2.10
πŸ“¦
Ceph

Ceph

= 10.2.11
πŸ“¦
Ceph

Ceph

= 12.2.0
πŸ“¦
Ceph

Ceph

= 12.2.1
πŸ“¦
Ceph

Ceph

= 12.2.2
πŸ“¦
Ceph

Ceph

= 12.2.3
πŸ“¦
Ceph

Ceph

= 12.2.4
πŸ“¦
Ceph

Ceph

= 12.2.5
πŸ“¦
Ceph

Ceph

= 12.2.6
πŸ“¦
Ceph

Ceph

= 12.2.7
πŸ“¦
Ceph

Ceph

= 13.2.0
πŸ“¦
Ceph

Ceph

= 13.2.1
πŸ“¦
Redhat

Ceph Storage

= 3
πŸ“¦
Redhat

Ceph Storage Mon

= 2
πŸ“¦
Redhat

Ceph Storage Mon

= 3
πŸ“¦
Redhat

Ceph Storage Osd

= 2
πŸ“¦
Redhat

Ceph Storage Osd

= 3
πŸ’»
Redhat

Enterprise Linux Desktop

= 7.0
πŸ’»
Redhat

Enterprise Linux Server

= 7.0
πŸ’»
Redhat

Enterprise Linux Workstation

= 7.0
πŸ’»
Opensuse

Leap

= 15.0
πŸ’»
Debian

Debian Linux

= 9.0

References & Advisories

πŸ”— http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html
πŸ”— http://tracker.ceph.com/issues/24838
πŸ”— http://www.securityfocus.com/bid/104742
πŸ”— https://access.redhat.com/errata/RHSA-2018:2177
πŸ”— https://access.redhat.com/errata/RHSA-2018:2179
πŸ”— https://access.redhat.com/errata/RHSA-2018:2261
πŸ”— https://access.redhat.com/errata/RHSA-2018:2274
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=1593308

Related Vulnerabilities

CVE-2018-146499.8

It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. T...

CVE-2020-256608.8

A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph ...

CVE-2020-17168.8

A flaw was found in the ceph-ansible playbook where it contained hardcoded passwords that were being used as default passwords whi...

CVE-2020-107368.0

An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do ...