Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-14662

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-15 Jan, 2019 | 21:00
Updated At-05 Aug, 2024 | 09:38
Rejected At-
Credits

It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:15 Jan, 2019 | 21:00
Updated At:05 Aug, 2024 | 09:38
Rejected At:
▼CVE Numbering Authority (CNA)

It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.

Affected Products
Vendor
[UNKNOWN]
Product
ceph
Versions
Affected
  • 13.2.4
Problem Types
TypeCWE IDDescription
CWECWE-285CWE-285
Type: CWE
CWE ID: CWE-285
Description: CWE-285
Metrics
VersionBase scoreBase severityVector
3.03.5LOW
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Version: 3.0
Base score: 3.5
Base severity: LOW
Vector:
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://lists.debian.org/debian-lts-announce/2019/03/msg00002.html
mailing-list
x_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14662
x_refsource_CONFIRM
https://ceph.com/releases/13-2-4-mimic-released
x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html
vendor-advisory
x_refsource_SUSE
https://usn.ubuntu.com/4035-1/
vendor-advisory
x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2019:2538
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2541
vendor-advisory
x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2021/08/msg00013.html
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.debian.org/debian-lts-announce/2019/03/msg00002.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14662
Resource:
x_refsource_CONFIRM
Hyperlink: https://ceph.com/releases/13-2-4-mimic-released
Resource:
x_refsource_MISC
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://usn.ubuntu.com/4035-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2538
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2541
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://lists.debian.org/debian-lts-announce/2021/08/msg00013.html
Resource:
mailing-list
x_refsource_MLIST
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://lists.debian.org/debian-lts-announce/2019/03/msg00002.html
mailing-list
x_refsource_MLIST
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14662
x_refsource_CONFIRM
x_transferred
https://ceph.com/releases/13-2-4-mimic-released
x_refsource_MISC
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://usn.ubuntu.com/4035-1/
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://access.redhat.com/errata/RHSA-2019:2538
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2019:2541
vendor-advisory
x_refsource_REDHAT
x_transferred
https://lists.debian.org/debian-lts-announce/2021/08/msg00013.html
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2019/03/msg00002.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14662
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://ceph.com/releases/13-2-4-mimic-released
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://usn.ubuntu.com/4035-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2538
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2541
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2021/08/msg00013.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:15 Jan, 2019 | 21:29
Updated At:19 Apr, 2022 | 15:42

It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.7MEDIUM
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Secondary3.03.5LOW
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary2.02.7LOW
AV:A/AC:L/Au:S/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.0
Base score: 3.5
Base severity: LOW
Vector:
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Type: Primary
Version: 2.0
Base score: 2.7
Base severity: LOW
Vector:
AV:A/AC:L/Au:S/C:P/I:N/A:N
CPE Matches
Red Hat, Inc.
redhat
>>ceph>>Versions before 13.2.4(exclusive)
cpe:2.3:a:redhat:ceph:*:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
openSUSE
opensuse
>>leap>>15.0
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>ceph_storage>>2.0
cpe:2.3:a:redhat:ceph_storage:2.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>ceph_storage>>3.0
cpe:2.3:a:redhat:ceph_storage:3.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server>>7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>16.04
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>18.10
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>19.04
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-285Primarysecalert@redhat.com
CWE-732Secondarynvd@nist.gov
CWE ID: CWE-285
Type: Primary
Source: secalert@redhat.com
CWE ID: CWE-732
Type: Secondary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.htmlsecalert@redhat.com
Mailing List
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2538secalert@redhat.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2541secalert@redhat.com
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14662secalert@redhat.com
Issue Tracking
Patch
Third Party Advisory
https://ceph.com/releases/13-2-4-mimic-releasedsecalert@redhat.com
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2019/03/msg00002.htmlsecalert@redhat.com
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/08/msg00013.htmlsecalert@redhat.com
Mailing List
Third Party Advisory
https://usn.ubuntu.com/4035-1/secalert@redhat.com
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2538
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2541
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14662
Source: secalert@redhat.com
Resource:
Issue Tracking
Patch
Third Party Advisory
Hyperlink: https://ceph.com/releases/13-2-4-mimic-released
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2019/03/msg00002.html
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2021/08/msg00013.html
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://usn.ubuntu.com/4035-1/
Source: secalert@redhat.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

154Records found
CVE-2025-2850
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.02% / 3.52%
||
7 Day CHG-0.01%
Published-26 Apr, 2025 | 07:31
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GL.iNet GL-A1300 Slate Plus Download Interface improper authorization

A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x. It has been rated as problematic. This issue affects some unknown processing of the component Download Interface. The manipulation leads to improper authorization. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-GL.iNet
Product-GL-AX1800 FlintGL-E750V2 MudiGL-MT300N-V2 MangoGL-AXT1800 Slate AXGL-X300B CollieGL-B3000 MarbleGL-MT1300 BerylGL-AR750 CretaGL-B1300 Convexa-BGL-MT6000 Flint 2GL-BE3600 Slate 7GL-A1300 Slate PlusGL-MT3000 Beryl AXGL-SFT1200 OpalGL-XE300 PuliGL-MT2500 Brume 2GL-XE3000 Puli AXGL-X3000 Spitz AXGL-AR300M16 ShadowGL-X750 SpitzGL-AR750S-EXT SlateGL-E750GL-AR300M Shadow
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-285
Improper Authorization
CVE-2019-12373
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9||CRITICAL
EPSS-0.06% / 19.13%
||
7 Day CHG~0.00%
Published-03 Jun, 2019 | 19:27
Updated-04 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control and open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote disclosure of administrator passwords.

Action-Not Available
Vendor-n/aIvanti Software
Product-landesk_management_suiten/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2021-25507
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.7||MEDIUM
EPSS-0.08% / 23.77%
||
7 Day CHG~0.00%
Published-05 Nov, 2021 | 02:04
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authorization vulnerability in Samsung Flow mobile application prior to 4.8.03.5 allows Samsung Flow PC application connected with user device to access part of notification data in Secure Folder without authorization.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-samsung_flowSamsung Flow
CWE ID-CWE-285
Improper Authorization
CVE-2024-29964
Matching Score-4
Assigner-Brocade Communications Systems, LLC
ShareView Details
Matching Score-4
Assigner-Brocade Communications Systems, LLC
CVSS Score-5.7||MEDIUM
EPSS-0.19% / 41.29%
||
7 Day CHG~0.00%
Published-19 Apr, 2024 | 04:39
Updated-04 Feb, 2025 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files

Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files.

Action-Not Available
Vendor-Broadcom Inc.Brocade Communications Systems, Inc. (Broadcom Inc.)
Product-brocade_sannavBrocade SANnavsannav
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found