CVE-2018-16889

Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable.
Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:ceph:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:53

Type Values Removed Values Added
CVSS v2 : 5.0
v3 : 7.5
v2 : 5.0
v3 : 5.5
References () http://www.securityfocus.com/bid/106528 - Third Party Advisory () http://www.securityfocus.com/bid/106528 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2019:2538 - () https://access.redhat.com/errata/RHSA-2019:2538 -
References () https://access.redhat.com/errata/RHSA-2019:2541 - () https://access.redhat.com/errata/RHSA-2019:2541 -
References () https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16889 - Exploit, Issue Tracking, Patch, Third Party Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16889 - Exploit, Issue Tracking, Patch, Third Party Advisory
References () https://usn.ubuntu.com/4035-1/ - () https://usn.ubuntu.com/4035-1/ -

Information

Published : 2019-01-28 14:29

Updated : 2024-11-21 03:53


NVD link : CVE-2018-16889

Mitre link : CVE-2018-16889

CVE.ORG link : CVE-2018-16889


JSON object : View

Products Affected

redhat

  • ceph
CWE
CWE-532

Insertion of Sensitive Information into Log File

CWE-20

Improper Input Validation

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-312

Cleartext Storage of Sensitive Information