CVE-2018-1128

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-1128
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1128.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-1128
Downstream
Related
Published
2018-07-10T14:29:00.370Z
Modified
2026-03-17T06:56:13.777414Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.

References

Affected packages

Git / github.com/ceph/ceph

Affected ranges

Type
GIT
Repo
https://github.com/ceph/ceph
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
1d0909a0ace0d739990e3555707f415e61096d9c
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
1d0909a0ace0d739990e3555707f415e61096d9c
Introduced
3a9fba20ec743699b69bd0181dd6c54dc01c64b9
Last affected
5533ecdc0fda920179d7ad84e0aa65a127b20d77
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
bd7989103911796eb5698cf208b0ccdc3370d707
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
3c9db396aed1f773cbb3441dfb7a21f0b11ab3e1
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2"
        },
        {
            "introduced": "10.2.0"
        },
        {
            "last_affected": "13.2.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.0"
        }
    ]
}

Affected versions

v10.*
v10.2.0
v11.*
v11.0.0
v11.0.1
v11.0.2
v11.1.0
v12.*
v12.0.0
v12.0.1
v12.0.2
v12.0.3
v12.1.0
v12.1.1
v12.1.2
v13.*
v13.0.0
v13.0.1
v13.0.2
v13.1.0
v13.1.1
v13.2.0
v13.2.1

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1128.json"