What is CVE-2018-16889?

CVE-2018-16889 is a medium-severity vulnerability in The Ceph Project, classified under Insertion of Sensitive Information into Log File. CVSS score: 5.5/10. Published 2019-01-28.

How severe is CVE-2018-16889?

Medium severity. CVSS v3 base score is 5.5 out of 10.

Information disclosure in The Ceph Project

CVE-2018-16889

Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable.

EPSS: 0.005 (40.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

The Ceph Project — versions up to v13.2.4
Redhat Ceph

Weakness classification (CWE)

References

secalert@redhat.com (Third Party Advisory, vdb-entry, x_refsource_BID)
secalert@redhat.com (x_refsource_CONFIRM, Exploit, Patch, Third Party Advisory, Issue Tracking)
secalert@redhat.com (x_refsource_UBUNTU, vendor-advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)

Frequently asked questions

What is CVE-2018-16889?: CVE-2018-16889 is a medium-severity vulnerability in The Ceph Project, classified under Insertion of Sensitive Information into Log File. CVSS score: 5.5/10. Published 2019-01-28.
How severe is CVE-2018-16889?: Medium severity. CVSS v3 base score is 5.5 out of 10.