Home

CVE-2018-10861

Description

A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected.

Risk Information

Base Score
8.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS Score
Exploitation Probability
0.58

Associated Vulnerability

VulnerabilityOS Platform
(RHSA-2018:2261) Moderate: Red Hat Ceph Storage 2.5 security, enhancement, and bug fix update ceph-ansible-3.0.39-1.el7cp.noarch.rpmLinux
(RHSA-2018:2261) Moderate: Red Hat Ceph Storage 2.5 security, enhancement, and bug fix update ceph-base-10.2.10-28.el7cp.x86_64.rpmLinux
(RHSA-2018:2261) Moderate: Red Hat Ceph Storage 2.5 security, enhancement, and bug fix update ceph-common-10.2.10-28.el7cp.x86_64.rpmLinux
(RHSA-2018:2261) Moderate: Red Hat Ceph Storage 2.5 security, enhancement, and bug fix update ceph-fuse-10.2.10-28.el7cp.x86_64.rpmLinux
(RHSA-2018:2261) Moderate: Red Hat Ceph Storage 2.5 security, enhancement, and bug fix update ceph-mds-10.2.10-28.el7cp.x86_64.rpmLinux
(RHSA-2018:2261) Moderate: Red Hat Ceph Storage 2.5 security, enhancement, and bug fix update ceph-radosgw-10.2.10-28.el7cp.x86_64.rpmLinux
(RHSA-2018:2261) Moderate: Red Hat Ceph Storage 2.5 security, enhancement, and bug fix update ceph-selinux-10.2.10-28.el7cp.x86_64.rpmLinux
(RHSA-2018:2261) Moderate: Red Hat Ceph Storage 2.5 security, enhancement, and bug fix update libcephfs1-10.2.10-28.el7cp.x86_64.rpmLinux
(RHSA-2018:2261) Moderate: Red Hat Ceph Storage 2.5 security, enhancement, and bug fix update libcephfs1-devel-10.2.10-28.el7cp.x86_64.rpmLinux
(RHSA-2018:2261) Moderate: Red Hat Ceph Storage 2.5 security, enhancement, and bug fix update librados2-10.2.10-28.el7cp.x86_64.rpmLinux
(RHSA-2018:2261) Moderate: Red Hat Ceph Storage 2.5 security, enhancement, and bug fix update librados2-devel-10.2.10-28.el7cp.x86_64.rpmLinux
(RHSA-2018:2261) Moderate: Red Hat Ceph Storage 2.5 security, enhancement, and bug fix update librbd1-10.2.10-28.el7cp.x86_64.rpmLinux
(RHSA-2018:2261) Moderate: Red Hat Ceph Storage 2.5 security, enhancement, and bug fix update librbd1-devel-10.2.10-28.el7cp.x86_64.rpmLinux
(RHSA-2018:2261) Moderate: Red Hat Ceph Storage 2.5 security, enhancement, and bug fix update librgw2-10.2.10-28.el7cp.x86_64.rpmLinux
(RHSA-2018:2261) Moderate: Red Hat Ceph Storage 2.5 security, enhancement, and bug fix update librgw2-devel-10.2.10-28.el7cp.x86_64.rpmLinux
(RHSA-2018:2261) Moderate: Red Hat Ceph Storage 2.5 security, enhancement, and bug fix update python-cephfs-10.2.10-28.el7cp.x86_64.rpmLinux
(RHSA-2018:2261) Moderate: Red Hat Ceph Storage 2.5 security, enhancement, and bug fix update python-rados-10.2.10-28.el7cp.x86_64.rpmLinux
(RHSA-2018:2261) Moderate: Red Hat Ceph Storage 2.5 security, enhancement, and bug fix update python-rbd-10.2.10-28.el7cp.x86_64.rpmLinux
(RHSA-2018:2261) Moderate: Red Hat Ceph Storage 2.5 security, enhancement, and bug fix update rbd-mirror-10.2.10-28.el7cp.x86_64.rpmLinux
SUSE-SU-2018:2193-1(SUSE Linux Enterprise Desktop 12-SP3 ) ceph-common-12.2.7+git.1531910353.c0ef85b854-2.12.1.x86_64.rpmLinux
SUSE-SU-2018:2193-1(SUSE Linux Enterprise Desktop 12-SP3 ) ceph-common-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1.x86_64.rpmLinux
SUSE-SU-2018:2193-1(SUSE Linux Enterprise Desktop 12-SP3 ) ceph-debugsource-12.2.7+git.1531910353.c0ef85b854-2.12.1.x86_64.rpmLinux
SUSE-SU-2018:2193-1(SUSE Linux Enterprise Desktop 12-SP3 ) libcephfs2-12.2.7+git.1531910353.c0ef85b854-2.12.1.x86_64.rpmLinux
SUSE-SU-2018:2193-1(SUSE Linux Enterprise Desktop 12-SP3 ) libcephfs2-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1.x86_64.rpmLinux
SUSE-SU-2018:2193-1(SUSE Linux Enterprise Desktop 12-SP3 ) librados2-12.2.7+git.1531910353.c0ef85b854-2.12.1.x86_64.rpmLinux
SUSE-SU-2018:2193-1(SUSE Linux Enterprise Desktop 12-SP3 ) librados2-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1.x86_64.rpmLinux
SUSE-SU-2018:2193-1(SUSE Linux Enterprise Desktop 12-SP3 ) libradosstriper1-12.2.7+git.1531910353.c0ef85b854-2.12.1.x86_64.rpmLinux
SUSE-SU-2018:2193-1(SUSE Linux Enterprise Desktop 12-SP3 ) libradosstriper1-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1.x86_64.rpmLinux
SUSE-SU-2018:2193-1(SUSE Linux Enterprise Desktop 12-SP3 ) librbd1-12.2.7+git.1531910353.c0ef85b854-2.12.1.x86_64.rpmLinux
SUSE-SU-2018:2193-1(SUSE Linux Enterprise Desktop 12-SP3 ) librbd1-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1.x86_64.rpmLinux
SUSE-SU-2018:2193-1(SUSE Linux Enterprise Desktop 12-SP3 ) librgw2-12.2.7+git.1531910353.c0ef85b854-2.12.1.x86_64.rpmLinux
SUSE-SU-2018:2193-1(SUSE Linux Enterprise Desktop 12-SP3 ) librgw2-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1.x86_64.rpmLinux
SUSE-SU-2018:2193-1(SUSE Linux Enterprise Desktop 12-SP3 ) python-cephfs-12.2.7+git.1531910353.c0ef85b854-2.12.1.x86_64.rpmLinux
SUSE-SU-2018:2193-1(SUSE Linux Enterprise Desktop 12-SP3 ) python-cephfs-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1.x86_64.rpmLinux
SUSE-SU-2018:2193-1(SUSE Linux Enterprise Desktop 12-SP3 ) python-rados-12.2.7+git.1531910353.c0ef85b854-2.12.1.x86_64.rpmLinux
SUSE-SU-2018:2193-1(SUSE Linux Enterprise Desktop 12-SP3 ) python-rados-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1.x86_64.rpmLinux
SUSE-SU-2018:2193-1(SUSE Linux Enterprise Desktop 12-SP3 ) python-rbd-12.2.7+git.1531910353.c0ef85b854-2.12.1.x86_64.rpmLinux
SUSE-SU-2018:2193-1(SUSE Linux Enterprise Desktop 12-SP3 ) python-rbd-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1.x86_64.rpmLinux
SUSE-SU-2018:2193-1(SUSE Linux Enterprise Desktop 12-SP3 ) python-rgw-12.2.7+git.1531910353.c0ef85b854-2.12.1.x86_64.rpmLinux
SUSE-SU-2018:2193-1(SUSE Linux Enterprise Desktop 12-SP3 ) python-rgw-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234