CVE-2015-4053
Aliases:GHSA-79jf-ccm8-43w7PYSEC-2015-3
Advisory lineage Upstream: 0 Downstream: 3
Modified
Published: 08 Jun 2015, 14:00
Last modified:06 Aug 2024, 06:04
Vulnerability Summary
Overall Risk (default)
minimal
8/100 CVSS Score
2.1 LOW
v2.0 (nvd)
EPSS Score
0.05% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
08 Jun 2015, 14:00
Published
Vulnerability first disclosed
06 Aug 2024, 06:04
Last Modified
Vulnerability information updated
Description
The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file.
CVSS Metrics
- v2.0•LOW•Score: 2.1AV:L/AC:L/Au:N/C:P/I:N/A:N
EPSS Trends
Current EPSS score: 0.05%• Percentile: 16%
Techniques & Countermeasures
- CWE-200•Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Affected Systems
- ceph•ceph-deploy
≤ 1.5.22
- PyPI•ceph-deploy
< 1.5.25 | < 1.5.23
References (11)
- http://www.securityfocus.com/bid/74775
- http://www.openwall.com/lists/oss-security/2015/04/09/9
- http://www.openwall.com/lists/oss-security/2015/05/22/1
- http://rhn.redhat.com/errata/RHSA-2015-1092.html
- http://tracker.ceph.com/issues/11694
- https://nvd.nist.gov/vuln/detail/CVE-2015-4053
- https://github.com/ceph/ceph-deploy/pull/300
- https://github.com/ceph/ceph-deploy/commit/9f9fd6e3372043bd2fd67582324c8fb5d7aa361e
- https://github.com/ceph/ceph-deploy
- https://github.com/pypa/advisory-database/tree/main/vulns/ceph-deploy/PYSEC-2015-3.yaml
- https://web.archive.org/web/20200228093353/http://www.securityfocus.com/bid/74775