VYPR

Ceph Iscsi CLI

by Ceph

Source repositories

CVEs (1)

  • CVE-2018-14649CriOct 9, 2018
    risk 0.58cvss 9.8epss 0.12

    It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api provided by ceph-isci-cli package. This allows unauthenticated attackers to access…