Описание
Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable.
It was found that Ceph RGW did not properly sanitize encryption keys in debug logging for v4 auth. Encryption keys could be inadvertently disclosed when sharing debug logs.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ceph Storage 2 | ceph | Not affected | ||
| Red Hat Enterprise Linux 7 | ceph-common | Not affected | ||
| Red Hat Enterprise Linux 8 | ceph | Not affected | ||
| Red Hat Virtualization 4 | redhat-virtualization-host | Not affected | ||
| Red Hat Ceph Storage 3.3 | ceph | Fixed | RHSA-2019:2538 | 21.08.2019 |
| Red Hat Ceph Storage 3.3 | ceph-ansible | Fixed | RHSA-2019:2538 | 21.08.2019 |
| Red Hat Ceph Storage 3.3 | ceph-iscsi-config | Fixed | RHSA-2019:2538 | 21.08.2019 |
| Red Hat Ceph Storage 3.3 | cephmetrics | Fixed | RHSA-2019:2538 | 21.08.2019 |
| Red Hat Ceph Storage 3.3 | libntirpc | Fixed | RHSA-2019:2538 | 21.08.2019 |
| Red Hat Ceph Storage 3.3 | nfs-ganesha | Fixed | RHSA-2019:2538 | 21.08.2019 |
Показывать по
Дополнительная информация
Статус:
5.5 Medium
CVSS3
Связанные уязвимости
Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable.
Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable.
Ceph does not properly sanitize encryption keys in debug logging for v ...
Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable.
5.5 Medium
CVSS3