CVE-2018-10861
Published: 10 July 2018
A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
ceph Launchpad, Ubuntu, Debian |
artful |
Ignored
(end of life)
|
| bionic |
Not vulnerable
(12.2.7-0ubuntu0.18.04.1)
|
|
| cosmic |
Not vulnerable
(13.2.4+dfsg1-0ubuntu0.18.10.1)
|
|
| disco |
Not vulnerable
(13.2.4+dfsg1-0ubuntu1)
|
|
| eoan |
Not vulnerable
(13.2.4+dfsg1-0ubuntu1)
|
|
| focal |
Not vulnerable
(13.2.4+dfsg1-0ubuntu1)
|
|
| groovy |
Not vulnerable
(13.2.4+dfsg1-0ubuntu1)
|
|
| hirsute |
Not vulnerable
(13.2.4+dfsg1-0ubuntu1)
|
|
| impish |
Not vulnerable
(13.2.4+dfsg1-0ubuntu1)
|
|
| jammy |
Not vulnerable
(13.2.4+dfsg1-0ubuntu1)
|
|
| kinetic |
Not vulnerable
(13.2.4+dfsg1-0ubuntu1)
|
|
| lunar |
Not vulnerable
(13.2.4+dfsg1-0ubuntu1)
|
|
| mantic |
Not vulnerable
(13.2.4+dfsg1-0ubuntu1)
|
|
| trusty |
Needed
|
|
| upstream |
Released
(10.2.11, 12.2.6)
|
|
| xenial |
Not vulnerable
(10.2.11-0ubuntu0.16.04.1)
|
|
|
Patches: upstream: https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc upstream: https://github.com/ceph/ceph/commit/4e1bc0cd6a0aaa76eb1936d1717a4ab07e179da6 upstream: https://github.com/ceph/ceph/commit/c41a2e696e26a7f747afeeeb44f96c322bd739af |
||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 8.1 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |