CVE-2018-10861

Description

A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected.

How to fix CVE-2018-10861

To remediate CVE-2018-10861, upgrade the affected package to a fixed version below.

Debian/ceph—upgrade to 12.2.8+dfsg1-1 or later

Is CVE-2018-10861 being exploited?

Low — EPSS is 0.8%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 12.2.8+dfsg1-1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.1	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2018-10861