Detections
Analytics

CVE-2015-3010

low

Description

ceph-deploy before 1.5.23 uses weak permissions (644) for ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file.

References

https://github.com/ceph/ceph-deploy/pull/272

https://github.com/ceph/ceph-deploy/commit/eee56770393bf19ed2dd5389226c6190c08dee3f

https://bugzilla.suse.com/show_bug.cgi?id=920926

http://www.securityfocus.com/bid/74043

http://www.openwall.com/lists/oss-security/2015/04/09/9

http://www.openwall.com/lists/oss-security/2015/04/09/11

http://rhn.redhat.com/errata/RHSA-2015-1092.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155631.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155576.html

Details

Source: Mitre, NVD

Published: 2015-06-16

Updated: 2025-04-12

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 4

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Severity: Medium

CVSS v4

Base Score: 1.2

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Severity: Low

EPSS

EPSS: 0.00071