CVE-2018-16889
5.5
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| The Ceph Project | ceph | up to v13.2.4 | affected |
Weaknesses
- CWE-532: CWE-532
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/106528
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16889
- https://usn.ubuntu.com/4035-1/
- https://access.redhat.com/errata/RHSA-2019:2538
- https://access.redhat.com/errata/RHSA-2019:2541
References
- http://www.securityfocus.com/bid/106528
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16889
- https://usn.ubuntu.com/4035-1/
- https://access.redhat.com/errata/RHSA-2019:2538
- https://access.redhat.com/errata/RHSA-2019:2541
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.