6.4 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
52.5%
Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable.
www.securityfocus.com/bid/106528
access.redhat.com/errata/RHSA-2019:2538
access.redhat.com/errata/RHSA-2019:2541
bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16889
usn.ubuntu.com/4035-1/