dm-crypt Key Theft in Ceph Disk Encryption by Authenticated Users
CVE-2018-14662

3.5LOW

Key Information:

Vendor

[unknown]

Status
Ceph
Vendor
CVE Published:
15 January 2019

What is CVE-2018-14662?

Ceph versions prior to 13.2.4 allow authenticated users with read-only permissions to exploit a vulnerability that enables them to steal dm-crypt encryption keys. This significant security issue can lead to unauthorized decryption of sensitive data, highlighting the importance of updating to secure versions and implementing proper access controls to mitigate potential risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

ceph 13.2.4

References

https://lists.debian.org/debian-lts-announce/2019/03/msg0...
mailing-listx_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14662
x_refsource_CONFIRM
https://ceph.com/releases/13-2-4-mimic-released
x_refsource_MISC

CVSS V3.1

Score:
3.5
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.