CVE-2018-16889
Description
Ceph does not properly sanitize encryption keys in debug logging for v4 auth. As a result, encryption key information is written to log files in plaintext. Versions up to v13.2.4 are vulnerable.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.068
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| SUSE-SU-2019:2364-1(SUSE Linux Enterprise Server 12-SP4 ) ceph-common-12.2.12+git.1568024032.02236657ca-2.39.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2364-1(SUSE Linux Enterprise Server 12-SP4 ) ceph-common-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2364-1(SUSE Linux Enterprise Server 12-SP4 ) ceph-debugsource-12.2.12+git.1568024032.02236657ca-2.39.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2364-1(SUSE Linux Enterprise Server 12-SP4 ) libcephfs2-12.2.12+git.1568024032.02236657ca-2.39.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2364-1(SUSE Linux Enterprise Server 12-SP4 ) libcephfs2-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2364-1(SUSE Linux Enterprise Server 12-SP4 ) librados2-12.2.12+git.1568024032.02236657ca-2.39.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2364-1(SUSE Linux Enterprise Server 12-SP4 ) librados2-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2364-1(SUSE Linux Enterprise Server 12-SP4 ) libradosstriper1-12.2.12+git.1568024032.02236657ca-2.39.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2364-1(SUSE Linux Enterprise Server 12-SP4 ) libradosstriper1-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2364-1(SUSE Linux Enterprise Server 12-SP4 ) librbd1-12.2.12+git.1568024032.02236657ca-2.39.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2364-1(SUSE Linux Enterprise Server 12-SP4 ) librbd1-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2364-1(SUSE Linux Enterprise Server 12-SP4 ) librgw2-12.2.12+git.1568024032.02236657ca-2.39.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2364-1(SUSE Linux Enterprise Server 12-SP4 ) librgw2-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2364-1(SUSE Linux Enterprise Server 12-SP4 ) python-cephfs-12.2.12+git.1568024032.02236657ca-2.39.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2364-1(SUSE Linux Enterprise Server 12-SP4 ) python-cephfs-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2364-1(SUSE Linux Enterprise Server 12-SP4 ) python-rados-12.2.12+git.1568024032.02236657ca-2.39.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2364-1(SUSE Linux Enterprise Server 12-SP4 ) python-rados-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2364-1(SUSE Linux Enterprise Server 12-SP4 ) python-rbd-12.2.12+git.1568024032.02236657ca-2.39.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2364-1(SUSE Linux Enterprise Server 12-SP4 ) python-rbd-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2364-1(SUSE Linux Enterprise Server 12-SP4 ) python-rgw-12.2.12+git.1568024032.02236657ca-2.39.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2364-1(SUSE Linux Enterprise Server 12-SP4 ) python-rgw-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1.x86_64.rpm | Linux |
| (RHSA-2019:2538) Red Hat Ceph Storage 3.3 security, bug fix, and enhancement update ceph-iscsi-config-2.6-19.el7cp.noarch.rpm | Linux |
| (RHSA-2019:2538) Red Hat Ceph Storage 3.3 security, bug fix, and enhancement update libntirpc-1.7.4-1.el7cp.x86_64.rpm | Linux |
| (RHSA-2019:2538) Red Hat Ceph Storage 3.3 security, bug fix, and enhancement update nfs-ganesha-2.7.4-10.el7cp.x86_64.rpm | Linux |
| (RHSA-2019:2538) Red Hat Ceph Storage 3.3 security, bug fix, and enhancement update nfs-ganesha-ceph-2.7.4-10.el7cp.x86_64.rpm | Linux |
| (RHSA-2019:2538) Red Hat Ceph Storage 3.3 security, bug fix, and enhancement update nfs-ganesha-rgw-2.7.4-10.el7cp.x86_64.rpm | Linux |
| (RHSA-2019:2538) Red Hat Ceph Storage 3.3 security, bug fix, and enhancement update python2-crypto-2.6.1-16.el7ost.x86_64.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234