CVE-2018-16889

Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable.
Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:ceph:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-01-28 14:29

Updated : 2024-02-28 16:48


NVD link : CVE-2018-16889

Mitre link : CVE-2018-16889

CVE.ORG link : CVE-2018-16889


JSON object : View

Products Affected

redhat

  • ceph
CWE
CWE-532

Insertion of Sensitive Information into Log File

CWE-20

Improper Input Validation

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-312

Cleartext Storage of Sensitive Information