ceph ceph CVE-2018-1129 vulnerability in Ceph and Other Products
Published on July 10, 2018

product logo product logo product logo product logo
A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Weakness Type

What is an Authorization Vulnerability?

The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVE-2018-1129 has been classified to as an Authorization vulnerability or weakness.


Products Associated with CVE-2018-1129

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-1129 are published in these products:

Ceph
 
Red Hat Ceph Storage
 
Red Hat Ceph Storage Mon
 
Red Hat Ceph Storage Osd
 
Debian Linux
 
OpenSuse Leap
 
Red Hat Enterprise Linux (RHEL)
 
Red Hat Enterprise Linux Desktop
 
Red Hat Enterprise Linux Server
 
Red Hat Enterprise Linux Workstation
 

Affected Versions

Red Hat, Inc. ceph Version all versions in branches master, mimic, luminous and jewel is affected by CVE-2018-1129

Exploit Probability

EPSS
0.40%
Percentile
60.53%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.