What is CVE-2018-10861?

CVE-2018-10861 is a high-severity vulnerability in Ceph, classified under Improper Authorization. CVSS score: 8.1/10. Published 2018-07-10.

How severe is CVE-2018-10861?

High severity. CVSS v3 base score is 8.1 out of 10.

Auth bypass in Ceph

CVE-2018-10861

A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are belie…

EPSS: 0.032 (86.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H.

Affected products

Ceph — versions 10.2.0, 10.2.1, 10.2.2
Red Hat, Inc. Ceph — versions all versions in branches master, mimic, luminous and jewel
Debian Debian_linux — versions 9.0
Opensuse Leap — versions 15.0
Redhat Ceph_storage — versions 3
Redhat Ceph_storage_mon — versions 2, 3
Redhat Ceph_storage_osd — versions 2, 3
Redhat Enterprise_linux_desktop — versions 7.0
Redhat Enterprise_linux_server — versions 7.0
Redhat Enterprise_linux_workstation — versions 7.0

Weakness classification (CWE)

References

secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Third Party Advisory, Issue Tracking)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Third Party Advisory)
secalert@redhat.com (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
secalert@redhat.com (x_refsource_CONFIRM, Issue Tracking, Vendor Advisory)
secalert@redhat.com (vendor-advisory, Third Party Advisory, x_refsource_SUSE)

Frequently asked questions

What is CVE-2018-10861?: CVE-2018-10861 is a high-severity vulnerability in Ceph, classified under Improper Authorization. CVSS score: 8.1/10. Published 2018-07-10.
How severe is CVE-2018-10861?: High severity. CVSS v3 base score is 8.1 out of 10.