Low severityNVD Advisory· Published Jun 8, 2015· Updated Jun 17, 2026
CVE-2015-4053
CVE-2015-4053
Description
The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ceph-deployPyPI | < 1.5.25 | 1.5.25 |
Affected products
3- ghsa-coords2 versions
< 1.5.25+ 1 more
- (no CPE)range: < 1.5.25
- (no CPE)range: < 1.5.34+git.1470736983.963ba71-1.1
Patches
Vulnerability mechanics
References
11- tracker.ceph.com/issues/11694nvdVendor AdvisoryWEB
- github.com/advisories/GHSA-79jf-ccm8-43w7ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2015-4053ghsaADVISORY
- rhn.redhat.com/errata/RHSA-2015-1092.htmlnvdWEB
- www.openwall.com/lists/oss-security/2015/04/09/9nvdWEB
- www.openwall.com/lists/oss-security/2015/05/22/1nvdWEB
- github.com/ceph/ceph-deploy/commit/9f9fd6e3372043bd2fd67582324c8fb5d7aa361eghsaWEB
- github.com/ceph/ceph-deploy/pull/300ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/ceph-deploy/PYSEC-2015-3.yamlghsaWEB
- web.archive.org/web/20200228093353/http://www.securityfocus.com/bid/74775ghsaWEB
- www.securityfocus.com/bid/74775nvd
News mentions
0No linked articles in our index yet.