CVE-2018-16889
Summary
| CVE | CVE-2018-16889 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-01-28 14:29:00 UTC |
| Updated | 2023-02-13 04:52:00 UTC |
| Description | Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable. |
Risk And Classification
Problem Types: CWE-532
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Redhat Ceph Storage CVE-2018-16889 Information Disclosure Vulnerability | BID | www.securityfocus.com | Third Party Advisory |
| 1665334 – (CVE-2018-16889) CVE-2018-16889 ceph: debug logging for v4 auth does not sanitize encryption keys | CONFIRM | bugzilla.redhat.com | Exploit, Issue Tracking, Patch, Third Party Advisory |
| USN-4035-1: Ceph vulnerabilities \| Ubuntu security notices \| Ubuntu | UBUNTU | usn.ubuntu.com | |
| 1665334 – (CVE-2018-16889) CVE-2018-16889 ceph: debug logging for v4 auth does not sanitize encryption keys | MISC | bugzilla.redhat.com | |
| CVE-2018-16889 - Red Hat Customer Portal | MISC | access.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.