dm-crypt Key Theft in Ceph Disk Encryption by Authenticated Users
CVE-2018-14662

3.5LOW

Key Information:

Vendor: [unknown]
Status: Ceph
Vendor: CVE Published:; 15 January 2019

What is CVE-2018-14662?

Ceph versions prior to 13.2.4 allow authenticated users with read-only permissions to exploit a vulnerability that enables them to steal dm-crypt encryption keys. This significant security issue can lead to unauthorized decryption of sensitive data, highlighting the importance of updating to secure versions and implementing proper access controls to mitigate potential risks.

Affected Version(s)

ceph 13.2.4

References

https://lists.debian.org/debian-lts-announce/2019/03/msg0...

mailing-listx_refsource_MLIST

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14662

x_refsource_CONFIRM

https://ceph.com/releases/13-2-4-mimic-released

x_refsource_MISC

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 15, 2019
Vulnerability Reserved
Jul 27, 2018

[unknown]

What is CVE-2018-14662?

Affected Version(s)

References

CVSS V3.1

Timeline