redhat ceph CVE-2018-14662 vulnerability in Red Hat and Other Products
Published on January 15, 2019

product logo product logo product logo product logo
It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Weakness Type

What is an AuthZ Vulnerability?

The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

CVE-2018-14662 has been classified to as an AuthZ vulnerability or weakness.


Products Associated with CVE-2018-14662

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-14662 are published in these products:

Red Hat Ceph
 
Red Hat Ceph Storage
 
Debian Linux
 
OpenSuse Leap
 
Red Hat Enterprise Linux Server
 
Canonical Ubuntu Linux
 

Affected Versions

[UNKNOWN] ceph Version 13.2.4 is affected by CVE-2018-14662

Exploit Probability

EPSS
0.06%
Percentile
19.14%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.