CVE-2015-4053

ceph-deploy < 1.5.25 - Exposure of Sensitive Information via World-Readable Keyring

Title source: llm
STIX 2.1

Description

The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file.

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/74775
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/04/09/9
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/05/22/1
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1092.html
Vendor Advisory x_refsource_confirm
http://tracker.ceph.com/issues/11694

Scores

EPSS 0.0038
EPSS Percentile 30.3%

Details

CWE
CWE-200
Status published
Products (2)
ceph/ceph-deploy < 1.5.22
pypi/ceph-deploy 0 - 1.5.25PyPI
Published Jun 08, 2015
Tracked Since Feb 18, 2026