fkie_cve-2018-10861
Vulnerability from fkie_nvd
Published
2018-07-10 14:29
Modified
2024-11-21 03:42
Severity ?
Summary
A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ceph | ceph | 10.2.0 | |
| ceph | ceph | 10.2.1 | |
| ceph | ceph | 10.2.2 | |
| ceph | ceph | 10.2.3 | |
| ceph | ceph | 10.2.4 | |
| ceph | ceph | 10.2.5 | |
| ceph | ceph | 10.2.6 | |
| ceph | ceph | 10.2.7 | |
| ceph | ceph | 10.2.8 | |
| ceph | ceph | 10.2.9 | |
| ceph | ceph | 10.2.10 | |
| ceph | ceph | 10.2.11 | |
| ceph | ceph | 12.2.0 | |
| ceph | ceph | 12.2.1 | |
| ceph | ceph | 12.2.2 | |
| ceph | ceph | 12.2.3 | |
| ceph | ceph | 12.2.4 | |
| ceph | ceph | 12.2.5 | |
| ceph | ceph | 12.2.6 | |
| ceph | ceph | 12.2.7 | |
| ceph | ceph | 13.2.0 | |
| ceph | ceph | 13.2.1 | |
| redhat | ceph_storage | 3 | |
| redhat | ceph_storage_mon | 2 | |
| redhat | ceph_storage_mon | 3 | |
| redhat | ceph_storage_osd | 2 | |
| redhat | ceph_storage_osd | 3 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_workstation | 7.0 | |
| opensuse | leap | 15.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ceph:ceph:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8901022A-8A84-494A-A5BF-358F2CBBDFFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ceph:ceph:10.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76788B0A-7776-4D0C-B0D7-C855E9A0231E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ceph:ceph:10.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7A925DB4-83DC-45D1-A48B-1675A111213B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ceph:ceph:10.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D22BA440-CB28-445C-A7F8-CBD6E8965B2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ceph:ceph:10.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A503C653-AFEB-4E5A-872B-AD033C0E2259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ceph:ceph:10.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7C00462A-A1B8-42A7-9336-DE1BF5510B6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ceph:ceph:10.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3505D4E2-4EA8-40A4-A57C-46CCA9922EF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ceph:ceph:10.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "09EC481B-79F0-41DB-B95F-D1A221C96F4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ceph:ceph:10.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "31F159B5-AF02-48BE-B994-749F21B9D362",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ceph:ceph:10.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D9684039-7938-405D-B833-4C54BFBD6476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ceph:ceph:10.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAE4350-8F39-4E78-AB25-17DE76FD57AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ceph:ceph:10.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3B2369D2-4413-447C-A0A8-84CA37B1F5B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ceph:ceph:12.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3515BF53-4921-462F-820E-B842BB3FF066",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ceph:ceph:12.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48067E54-26F5-4020-BCEA-A65C2536618B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ceph:ceph:12.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F9A86B91-78C3-4D02-B7C8-11AAFB1CCCEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ceph:ceph:12.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CDBD084F-4A0B-4231-8465-61F8BE5E57F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ceph:ceph:12.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0885F67A-E01B-4BF2-A760-D452B55C5F69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ceph:ceph:12.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DB9D95E9-52F3-459C-89AD-6FCA6A975085",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ceph:ceph:12.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "087C6821-9A77-4CC8-8AA0-2C51414D9B58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ceph:ceph:12.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A667C6AF-76D4-4192-A8BF-395F368EFAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ceph:ceph:13.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "13BF6806-6E69-4172-9260-2E97FB253339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ceph:ceph:13.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DCAE0EE4-BBE9-4DBD-84CC-9A72E97E73E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ceph_storage:3:*:*:*:*:*:*:*",
"matchCriteriaId": "E9184616-421F-4EA9-AC1A-A4C95BBAAC99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ceph_storage_mon:2:*:*:*:*:*:*:*",
"matchCriteriaId": "8C2EBAD9-F0D5-4176-9C4D-001B230E699E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ceph_storage_mon:3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD2F9BA8-FE0A-43DE-A756-C35A24C3D96E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ceph_storage_osd:2:*:*:*:*:*:*:*",
"matchCriteriaId": "AA5F5227-DBDA-4C01-BF7C-4D53F455404F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ceph_storage_osd:3:*:*:*:*:*:*:*",
"matchCriteriaId": "A80BACB5-7A56-4BC6-9261-58A3860F4E8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected."
},
{
"lang": "es",
"value": "Se ha encontrado un error en la forma en la que ceph mon maneja las peticiones de usuario. Cualquier usuario de ceph autenticado que tenga acceso de lectura en ceph puede eliminar, crear pools de almacenamiento de ceph y corromper im\u00e1genes instant\u00e1neas. Se cree que las ramas de ceph master, mimic, luminous y jewel se han visto afectadas."
}
],
"id": "CVE-2018-10861",
"lastModified": "2024-11-21T03:42:09.890",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-10T14:29:00.213",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://tracker.ceph.com/issues/24838"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104742"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2177"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2179"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2261"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2274"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593308"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4339"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://tracker.ceph.com/issues/24838"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2177"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2261"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2274"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593308"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4339"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-285"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.