AZL-38221

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-38221.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-38221

Upstream

CVE-2018-1129

Published

2018-07-10T14:29:00Z

Modified

2026-04-01T05:13:17.771308Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

CVE-2018-1129 affecting package ceph for versions less than 18.2.1-1

Details

A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.

References

https://nvd.nist.gov/vuln/detail/CVE-2018-1129

Affected packages

Azure Linux:3 / ceph

Package

Name: ceph
Purl: pkg:rpm/azure-linux/ceph

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

18.2.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-38221.json"