Описание
It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.
It was found that authenticated ceph user with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ceph Storage 2 | ceph | Affected | ||
| Red Hat Enterprise Linux 7 | ceph-common | Not affected | ||
| Red Hat Enterprise Linux 8 | ceph | Not affected | ||
| Red Hat Ceph Storage 3.3 | ceph | Fixed | RHSA-2019:2538 | 21.08.2019 |
| Red Hat Ceph Storage 3.3 | ceph-ansible | Fixed | RHSA-2019:2538 | 21.08.2019 |
| Red Hat Ceph Storage 3.3 | ceph-iscsi-config | Fixed | RHSA-2019:2538 | 21.08.2019 |
| Red Hat Ceph Storage 3.3 | cephmetrics | Fixed | RHSA-2019:2538 | 21.08.2019 |
| Red Hat Ceph Storage 3.3 | libntirpc | Fixed | RHSA-2019:2538 | 21.08.2019 |
| Red Hat Ceph Storage 3.3 | nfs-ganesha | Fixed | RHSA-2019:2538 | 21.08.2019 |
| Red Hat Ceph Storage 3.3 | python-crypto | Fixed | RHSA-2019:2538 | 21.08.2019 |
Показывать по
Дополнительная информация
Статус:
3.5 Low
CVSS3
Связанные уязвимости
It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.
It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.
It was found Ceph versions before 13.2.4 that authenticated ceph users ...
It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.
Уязвимость системы хранения данных Ceph, связанная с ошибкой процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к ключам шифрования dm-crypt
3.5 Low
CVSS3