CVE-2018-16889 Vulnerability Details

  /     /     /  

CVE-2018-16889 Metadata Quick Info

CVE Published: 28/01/2019 | CVE Updated: 05/08/2024 | CVE Year: 2018
Source: redhat | Vendor: The Ceph Project | Product: ceph
Status : PUBLISHED

---

CVE-2018-16889 Description

Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-532
CWE Name: CWE-532
Source: The Ceph Project

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).