CVE-2018-10861
HIGHCeph - Authenticated Storage Pool Manipulation and Snapshot Corruption
Title source: llmDescription
A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected.
References (10)
Core 10
Core References
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2261
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2177
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2179
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2274
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/104742
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1593308
Patch, Third Party Advisory x_refsource_confirm
https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2018/dsa-4339
Issue Tracking, Vendor Advisory x_refsource_confirm
http://tracker.ceph.com/issues/24838
Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html
Scores
CVSS v3
8.1
EPSS
0.0079
EPSS Percentile
74.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Details
CWE
CWE-287
CWE-285
Status
published
Products (32)
ceph/ceph
10.2.0
ceph/ceph
10.2.1
ceph/ceph
10.2.2
ceph/ceph
10.2.3
ceph/ceph
10.2.4
ceph/ceph
10.2.5
ceph/ceph
10.2.6
ceph/ceph
10.2.7
ceph/ceph
10.2.8
ceph/ceph
10.2.9
... and 22 more
Published
Jul 10, 2018
Tracked Since
Feb 18, 2026