CVE-2015-4053
ceph-deploy < 1.5.25 - Exposure of Sensitive Information via World-Readable Keyring
Title source: llmDescription
The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/74775
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/04/09/9
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/05/22/1
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1092.html
Vendor Advisory x_refsource_confirm
http://tracker.ceph.com/issues/11694
Scores
EPSS
0.0038
EPSS Percentile
30.3%
Details
CWE
CWE-200
Status
published
Products (2)
ceph/ceph-deploy
< 1.5.22
pypi/ceph-deploy
0 - 1.5.25PyPI
Published
Jun 08, 2015
Tracked Since
Feb 18, 2026