CVE-2018-16889

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-16889
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-16889.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-16889
Related
Published
2019-01-28T14:29:00Z
Modified
2024-10-12T03:18:28.938031Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable.

References

Affected packages

Debian:11 / ceph

Package

Name
ceph
Purl
pkg:deb/debian/ceph?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
12.2.11+dfsg1-1

Ecosystem specific

{
    "urgency": "low"
}

Debian:12 / ceph

Package

Name
ceph
Purl
pkg:deb/debian/ceph?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
12.2.11+dfsg1-1

Ecosystem specific

{
    "urgency": "low"
}

Debian:13 / ceph

Package

Name
ceph
Purl
pkg:deb/debian/ceph?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
12.2.11+dfsg1-1

Ecosystem specific

{
    "urgency": "low"
}

Git / github.com/ceph/ceph

Affected ranges

Type
GIT
Repo
https://github.com/ceph/ceph
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

mark-v0.*

mark-v0.70-wip

v0.*

v0.1
v0.10
v0.11
v0.12
v0.13
v0.14
v0.15
v0.16
v0.16.1
v0.17
v0.18
v0.19
v0.2
v0.20
v0.21
v0.21.1
v0.21.2
v0.21.3
v0.22
v0.22.1
v0.22.2
v0.23
v0.23.1
v0.23.2
v0.24
v0.24.1
v0.24.2
v0.24.3
v0.25
v0.25.1
v0.25.2
v0.26
v0.27
v0.27.1
v0.28
v0.28.1
v0.28.2
v0.29
v0.29.1
v0.3
v0.30
v0.31
v0.32
v0.33
v0.34
v0.35
v0.36
v0.37
v0.38
v0.39
v0.4
v0.40
v0.41
v0.42
v0.42.1
v0.42.2
v0.43
v0.44
v0.44.1
v0.44.2
v0.45
v0.46
v0.47
v0.47.1
v0.47.2
v0.47.3
v0.48argonaut
v0.49
v0.5
v0.50
v0.51
v0.52
v0.53
v0.54
v0.55
v0.55.1
v0.56
v0.57
v0.58
v0.59
v0.6
v0.60
v0.61
v0.62
v0.63
v0.64
v0.65
v0.66
v0.67
v0.67-rc1
v0.67-rc2
v0.67-rc3
v0.68
v0.69
v0.7
v0.7.1
v0.7.2
v0.7.3
v0.70
v0.71
v0.72
v0.72-rc1
v0.73
v0.74
v0.75
v0.76
v0.77
v0.78
v0.79
v0.8
v0.80
v0.80-rc1
v0.81
v0.82
v0.83
v0.84
v0.85
v0.86
v0.87
v0.88
v0.89
v0.9
v0.90
v0.91
v0.92
v0.93
v0.94

v10.*

v10.0.0
v10.0.1
v10.0.2
v10.0.3
v10.0.4
v10.0.5
v10.1.0
v10.1.1
v10.1.2
v10.2.0

v11.*

v11.0.0
v11.0.1
v11.0.2
v11.1.0

v12.*

v12.0.0
v12.0.1
v12.0.2
v12.0.3
v12.1.0
v12.1.1
v12.1.2

v13.*

v13.0.0
v13.0.1
v13.0.2
v13.1.0
v13.1.1
v13.2.0
v13.2.1
v13.2.2
v13.2.3
v13.2.4

v9.*

v9.0.0
v9.0.1
v9.0.2
v9.0.3
v9.1.0
v9.2.0