A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete and corrupt snapshot images
Use mon_allow_pool_delete = false in ceph.conf to disable deletion of pools
~]$ for p in rados lspools
do
ceph osd pool set $p nodelete true
done
caveat: This mitigation does not protect against attacker from corrupting snapshot images