CVE-2018-10861

A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected.

Published: Jul 10, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-10861
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.1
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CVSS v2:

Severity: Medium
Score: 5.5
AV:N/AC:L/Au:S/C:N/I:P/A:P

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
ceph / ceph	12.2.1	12.2.1.x
ceph / ceph	13.2.1	13.2.1.x
ceph / ceph	13.2.0	13.2.0.x
ceph / ceph	12.2.7	12.2.7.x
ceph / ceph	12.2.6	12.2.6.x
ceph / ceph	12.2.5	12.2.5.x
ceph / ceph	12.2.4	12.2.4.x
ceph / ceph	12.2.3	12.2.3.x
ceph / ceph	12.2.2	12.2.2.x
ceph / ceph	12.2.0	12.2.0.x
ceph / ceph	10.2.11	10.2.11.x
ceph / ceph	10.2.10	10.2.10.x
ceph / ceph	10.2.9	10.2.9.x
ceph / ceph	10.2.8	10.2.8.x
ceph / ceph	10.2.7	10.2.7.x
ceph / ceph	10.2.6	10.2.6.x
ceph / ceph	10.2.5	10.2.5.x
ceph / ceph	10.2.4	10.2.4.x
ceph / ceph	10.2.3	10.2.3.x
ceph / ceph	10.2.2	10.2.2.x
ceph / ceph	10.2.1	10.2.1.x
ceph / ceph	10.2.0	10.2.0.x
redhat / enterprise_linux_desktop	7.0	7.0.x
redhat / enterprise_linux_workstation	7.0	7.0.x
redhat / enterprise_linux_server	7.0	7.0.x
redhat / ceph_storage_osd	2	2.x
redhat / ceph_storage_mon	2	2.x
redhat / ceph_storage	3	3.x
redhat / ceph_storage_osd	3	3.x
redhat / ceph_storage_mon	3	3.x
opensuse / leap	15.0	15.0.x
debian / debian_linux	9.0	9.0.x

Vulnerability Database

289,599

CVE-2018-10861