CVE-2015-3010

Published: Jun 16, 2015Modified: May 6, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

ceph-deploy before 1.5.23 uses weak permissions (644) for ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file.

Affected (1)

Products: Ceph: Ceph Deploy

Ceph

1 product

Ceph Deploy

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ceph Ceph Deploy	Version 1.5.22

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (18)

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155576.html

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155631.html

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2015-1092.html

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2015/04/09/11

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2015/04/09/9

Source: cve@mitre.org

http://www.securityfocus.com/bid/74043

Source: cve@mitre.org

https://bugzilla.suse.com/show_bug.cgi?id=920926

Source: cve@mitre.org

https://github.com/ceph/ceph-deploy/commit/eee56770393bf19ed2dd5389226c6190c08dee3f

Source: cve@mitre.org

https://github.com/ceph/ceph-deploy/pull/272

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155576.html