CVE-2018-10861

{"id": "CVE-2018-10861", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2018-07-10T14:29:00.213", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://tracker.ceph.com/issues/24838", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/104742", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2018:2177", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2018:2179", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2018:2261", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2018:2274", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593308", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc", "tags": ["Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://www.debian.org/security/2018/dsa-4339", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://tracker.ceph.com/issues/24838", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/104742", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2018:2177", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2018:2179", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2018:2261", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2018:2274", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593308", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.debian.org/security/2018/dsa-4339", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-285"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected."}, {"lang": "es", "value": "Se ha encontrado un error en la forma en la que ceph mon maneja las peticiones de usuario. Cualquier usuario de ceph autenticado que tenga acceso de lectura en ceph puede eliminar, crear pools de almacenamiento de ceph y corromper im\u00e1genes instant\u00e1neas. Se cree que las ramas de ceph master, mimic, luminous y jewel se han visto afectadas."}], "lastModified": "2024-11-21T03:42:09.890", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ceph:ceph:10.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8901022A-8A84-494A-A5BF-358F2CBBDFFF"}, {"criteria": "cpe:2.3:a:ceph:ceph:10.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76788B0A-7776-4D0C-B0D7-C855E9A0231E"}, {"criteria": "cpe:2.3:a:ceph:ceph:10.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A925DB4-83DC-45D1-A48B-1675A111213B"}, {"criteria": "cpe:2.3:a:ceph:ceph:10.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D22BA440-CB28-445C-A7F8-CBD6E8965B2E"}, {"criteria": "cpe:2.3:a:ceph:ceph:10.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A503C653-AFEB-4E5A-872B-AD033C0E2259"}, {"criteria": "cpe:2.3:a:ceph:ceph:10.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C00462A-A1B8-42A7-9336-DE1BF5510B6B"}, {"criteria": "cpe:2.3:a:ceph:ceph:10.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3505D4E2-4EA8-40A4-A57C-46CCA9922EF3"}, {"criteria": "cpe:2.3:a:ceph:ceph:10.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09EC481B-79F0-41DB-B95F-D1A221C96F4B"}, {"criteria": "cpe:2.3:a:ceph:ceph:10.2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31F159B5-AF02-48BE-B994-749F21B9D362"}, {"criteria": "cpe:2.3:a:ceph:ceph:10.2.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9684039-7938-405D-B833-4C54BFBD6476"}, {"criteria": "cpe:2.3:a:ceph:ceph:10.2.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8FAE4350-8F39-4E78-AB25-17DE76FD57AF"}, {"criteria": "cpe:2.3:a:ceph:ceph:10.2.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B2369D2-4413-447C-A0A8-84CA37B1F5B8"}, {"criteria": "cpe:2.3:a:ceph:ceph:12.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3515BF53-4921-462F-820E-B842BB3FF066"}, {"criteria": "cpe:2.3:a:ceph:ceph:12.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48067E54-26F5-4020-BCEA-A65C2536618B"}, {"criteria": "cpe:2.3:a:ceph:ceph:12.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9A86B91-78C3-4D02-B7C8-11AAFB1CCCEC"}, {"criteria": "cpe:2.3:a:ceph:ceph:12.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDBD084F-4A0B-4231-8465-61F8BE5E57F6"}, {"criteria": "cpe:2.3:a:ceph:ceph:12.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0885F67A-E01B-4BF2-A760-D452B55C5F69"}, {"criteria": "cpe:2.3:a:ceph:ceph:12.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB9D95E9-52F3-459C-89AD-6FCA6A975085"}, {"criteria": "cpe:2.3:a:ceph:ceph:12.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "087C6821-9A77-4CC8-8AA0-2C51414D9B58"}, {"criteria": "cpe:2.3:a:ceph:ceph:12.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A667C6AF-76D4-4192-A8BF-395F368EFAE4"}, {"criteria": "cpe:2.3:a:ceph:ceph:13.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13BF6806-6E69-4172-9260-2E97FB253339"}, {"criteria": "cpe:2.3:a:ceph:ceph:13.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCAE0EE4-BBE9-4DBD-84CC-9A72E97E73E6"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:ceph_storage:3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9184616-421F-4EA9-AC1A-A4C95BBAAC99"}, {"criteria": "cpe:2.3:a:redhat:ceph_storage_mon:2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C2EBAD9-F0D5-4176-9C4D-001B230E699E"}, {"criteria": "cpe:2.3:a:redhat:ceph_storage_mon:3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD2F9BA8-FE0A-43DE-A756-C35A24C3D96E"}, {"criteria": "cpe:2.3:a:redhat:ceph_storage_osd:2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA5F5227-DBDA-4C01-BF7C-4D53F455404F"}, {"criteria": "cpe:2.3:a:redhat:ceph_storage_osd:3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A80BACB5-7A56-4BC6-9261-58A3860F4E8C"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}