Lucene search

[email protected]NVD:CVE-2018-10861

HistoryJul 10, 2018 - 2:29 p.m.

CVE-2018-10861

2018-07-1014:29:00

CWE-287

CWE-285

[email protected]

web.nvd.nist.gov

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

75.1%

JSON

A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected.

Affected configurations

NVD

Node

cephcephMatch10.2.0

cephcephMatch10.2.1

cephcephMatch10.2.2

cephcephMatch10.2.3

cephcephMatch10.2.4

cephcephMatch10.2.5

cephcephMatch10.2.6

cephcephMatch10.2.7

cephcephMatch10.2.8

cephcephMatch10.2.9

cephcephMatch10.2.10

cephcephMatch10.2.11

cephcephMatch12.2.0

cephcephMatch12.2.1

cephcephMatch12.2.2

cephcephMatch12.2.3

cephcephMatch12.2.4

cephcephMatch12.2.5

cephcephMatch12.2.6

cephcephMatch12.2.7

cephcephMatch13.2.0

cephcephMatch13.2.1

Node

redhatceph_storageMatch3

redhatceph_storage_monMatch2

redhatceph_storage_monMatch3

redhatceph_storage_osdMatch2

redhatceph_storage_osdMatch3

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_workstationMatch7.0

Node

opensuseleapMatch15.0

Node

debiandebian_linuxMatch9.0

References

lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html

tracker.ceph.com/issues/24838

www.securityfocus.com/bid/104742

access.redhat.com/errata/RHSA-2018:2177

access.redhat.com/errata/RHSA-2018:2179

access.redhat.com/errata/RHSA-2018:2261

access.redhat.com/errata/RHSA-2018:2274

bugzilla.redhat.com/show_bug.cgi?id=1593308

github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc

www.debian.org/security/2018/dsa-4339

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

75.1%

JSON

Related for NVD:CVE-2018-10861

nessus11 debiancve1 photon1 redhatcve1 osv2 prion1 ubuntucve1 veracode1 cve1 cvelist1 openvas8 redhat4 fedora2 suse2