Unrated severityNVD Advisory· Published Jul 10, 2018· Updated Sep 16, 2024

CVE-2018-10861

Description

A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected.

Affected products

osv-coords10 versions
pkg:rpm/opensuse/ceph&distro=openSUSE%20Leap%2015.0 pkg:rpm/opensuse/ceph-test&distro=openSUSE%20Leap%2015.0 pkg:rpm/suse/ceph&distro=SUSE%20Enterprise%20Storage%204 pkg:rpm/suse/ceph&distro=SUSE%20Enterprise%20Storage%205 pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3 pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015 pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3 pkg:rpm/suse/ceph-test&distro=SUSE%20Enterprise%20Storage%204
< 13.2.4.125+gad802694f5-lp150.2.3.1+ 9 more
- (no CPE)range: < 13.2.4.125+gad802694f5-lp150.2.3.1
- (no CPE)range: < 13.2.4.125+gad802694f5-lp150.2.3.1
- (no CPE)range: < 10.2.11+git.1531487710.3a12911a2e-12.14.2
- (no CPE)range: < 12.2.5+git.1530082629.8cbf63d997-2.16.1
- (no CPE)range: < 12.2.7+git.1531910353.c0ef85b854-2.12.1
- (no CPE)range: < 13.2.4.125+gad802694f5-3.7.2
- (no CPE)range: < 12.2.7+git.1531910353.c0ef85b854-2.12.1
- (no CPE)range: < 12.2.7+git.1531910353.c0ef85b854-2.12.1
- (no CPE)range: < 12.2.7+git.1531910353.c0ef85b854-2.12.1
- (no CPE)range: < 10.2.11+git.1531487710.3a12911a2e-12.14.2
Red Hat, Inc./cephv5
Range: all versions in branches master, mimic, luminous and jewel

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.htmlmitrevendor-advisoryx_refsource_SUSE
access.redhat.com/errata/RHSA-2018:2177mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2018:2179mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2018:2261mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2018:2274mitrevendor-advisoryx_refsource_REDHAT
www.debian.org/security/2018/dsa-4339mitrevendor-advisoryx_refsource_DEBIAN
tracker.ceph.com/issues/24838mitrex_refsource_CONFIRM
www.securityfocus.com/bid/104742mitrevdb-entryx_refsource_BID
bugzilla.redhat.com/show_bug.cgimitrex_refsource_CONFIRM
github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffcmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000