CVE-2018-10861

high

Description

A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected.

References

Advisories
More

https://www.debian.org/security/2018/dsa-4339

https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc

https://bugzilla.redhat.com/show_bug.cgi?id=1593308

https://access.redhat.com/errata/RHSA-2018:2274

https://access.redhat.com/errata/RHSA-2018:2261

https://access.redhat.com/errata/RHSA-2018:2179

https://access.redhat.com/errata/RHSA-2018:2177

http://www.securityfocus.com/bid/104742

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html

http://tracker.ceph.com/issues/24838

Details

Source: Mitre, NVD

Published: 2018-07-10

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Severity: High

EPSS

EPSS: 0.00865