A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected.
lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html
tracker.ceph.com/issues/24838
www.securityfocus.com/bid/104742
access.redhat.com/errata/RHSA-2018:2177
access.redhat.com/errata/RHSA-2018:2179
access.redhat.com/errata/RHSA-2018:2261
access.redhat.com/errata/RHSA-2018:2274
bugzilla.redhat.com/show_bug.cgi?id=1593308
github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc
www.debian.org/security/2018/dsa-4339