CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3010 – ceph-deploy: keyring permissions are world readable in ~ceph
https://notcve.org/view.php?id=CVE-2015-3010
11 Jun 2015 — ceph-deploy before 1.5.23 uses weak permissions (644) for ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file. ceph-deploy anterior a 1.5.23 utiliza permisos débiles (644) para ceph/ceph.client.admin.keyring, lo que permite a usuarios locales obtener información sensible mediante la lectura del fichero. It was discovered that ceph-deploy, a utility for deploying Red Hat Ceph Storage, would create the keyring file with world readable permissions, which... • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155576.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4053 – ceph-deploy admin command copies keyring file to /etc/ceph which is world readable
https://notcve.org/view.php?id=CVE-2015-4053
08 Jun 2015 — The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file. El comando de administración en ceph-deploy anterior a 1.5.25 utiliza permisos de lectura universal para /etc/ceph/ceph.client.admin.keyring, lo que permite a usuarios locales obtener información sensible mediante la lectura del fichero. It was discovered that ceph-deploy, a utility for deploying Red Hat Ceph Sto... • http://rhn.redhat.com/errata/RHSA-2015-1092.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-732: Incorrect Permission Assignment for Critical Resource •