ceph-deploy before 1.5.23 uses weak permissions (644) for ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file.
References
Configurations
History
No history.
Information
Published : 2015-06-16 16:59
Updated : 2024-02-28 15:21
NVD link : CVE-2015-3010
Mitre link : CVE-2015-3010
CVE.ORG link : CVE-2015-3010
JSON object : View
Products Affected
ceph
- ceph-deploy
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor