CVE-2018-16889

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-16889

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-16889.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2018-16889

Downstream

DEBIAN-CVE-2018-16889

RHSA-2019:2538

SUSE-SU-2019:0499-1

SUSE-SU-2019:2049-1

SUSE-SU-2019:2364-1

UBUNTU-CVE-2018-16889

USN-4035-1

openSUSE-SU-2024:10676-1

Related

Published

2019-01-28T14:29:00Z

Modified

2025-09-19T09:27:22.185402Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable.

References

Affected packages

Git / github.com/ceph/ceph

Affected ranges

Type: GIT
Repo: https://github.com/ceph/ceph
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

b10be4d44915a4d78a8e06aa31919e74927b142e

Affected versions

mark-v0.*

mark-v0.70-wip

v0.*

v0.1

v0.10

v0.11

v0.12

v0.13

v0.14

v0.15

v0.16

v0.16.1

v0.17

v0.18

v0.19

v0.2

v0.20

v0.21

v0.21.1

v0.21.2

v0.21.3

v0.22

v0.22.1

v0.22.2

v0.23

v0.23.1

v0.23.2

v0.24

v0.24.1

v0.24.2

v0.24.3

v0.25

v0.25.1

v0.25.2

v0.26

v0.27

v0.27.1

v0.28

v0.28.1

v0.28.2

v0.29

v0.29.1

v0.3

v0.30

v0.31

v0.32

v0.33

v0.34

v0.35

v0.36

v0.37

v0.38

v0.39

v0.4

v0.40

v0.41

v0.42

v0.42.1

v0.42.2

v0.43

v0.44

v0.44.1

v0.44.2

v0.45

v0.46

v0.47

v0.47.1

v0.47.2

v0.47.3

v0.48argonaut

v0.49

v0.5

v0.50

v0.51

v0.52

v0.53

v0.54

v0.55

v0.55.1

v0.56

v0.57

v0.58

v0.59

v0.6

v0.60

v0.61

v0.62

v0.63

v0.64

v0.65

v0.66

v0.67

v0.67-rc1

v0.67-rc2

v0.67-rc3

v0.68

v0.69

v0.7

v0.7.1

v0.7.2

v0.7.3

v0.70

v0.71

v0.72

v0.72-rc1

v0.73

v0.74

v0.75

v0.76

v0.77

v0.78

v0.79

v0.8

v0.80

v0.80-rc1

v0.81

v0.82

v0.83

v0.84

v0.85

v0.86

v0.87

v0.88

v0.89

v0.9

v0.90

v0.91

v0.92

v0.93

v0.94

v10.*

v10.0.0

v10.0.1

v10.0.2

v10.0.3

v10.0.4

v10.0.5

v10.1.0

v10.1.1

v10.1.2

v10.2.0

v11.*

v11.0.0

v11.0.1

v11.0.2

v11.1.0

v12.*

v12.0.0

v12.0.1

v12.0.2

v12.0.3

v12.1.0

v12.1.1

v12.1.2

v13.*

v13.0.0

v13.0.1

v13.0.2

v13.1.0

v13.1.1

v13.2.0

v13.2.1

v13.2.2

v13.2.3

v13.2.4

v9.*

v9.0.0

v9.0.1

v9.0.2

v9.0.3

v9.1.0

v9.2.0