CVE-2015-4053: ceph-deploy uses world-readable permissions on client.admin key
The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file.
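The following is an added example, not code from ceph-deploy or from this advisory. It contrasts a secret file written with umask-derived permissions against one created owner-only, and audits a path for access by other users. The function names, the 0600 mode and the sample key text are assumptions made for illustration.

```python
import os
import stat
import tempfile

KEYRING = "/etc/ceph/ceph.client.admin.keyring"  # path named in the advisory

def write_keyring_default(path, data):
    """Weak pattern: the mode is left to the process umask (often 0644)."""
    with open(path, "wb") as f:
        f.write(data)


def write_keyring_private(path, data):
    """Hardened pattern: create owner-only (0600 is an assumed choice)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as f:
        os.fchmod(f.fileno(), 0o600)  # also tightens a pre-existing file
        f.write(data)


def audit(path=KEYRING):
    """Return a finding if other users have any access to path, else None."""
    try:
        mode = stat.S_IMODE(os.stat(path).st_mode)
    except FileNotFoundError:
        return None
    if mode & stat.S_IRWXO:
        return "%s: mode %04o grants access to other users" % (path, mode)
    return None


def demo():
    """Apply both write patterns to constructed files in a temp directory."""
    old_umask = os.umask(0o022)  # a common default umask
    try:
        with tempfile.TemporaryDirectory() as d:
            weak = os.path.join(d, "weak.keyring")
            safe = os.path.join(d, "safe.keyring")
            secret = b"[client.admin]\n\tkey = CONSTRUCTED-PLACEHOLDER\n"
            write_keyring_default(weak, secret)
            write_keyring_private(safe, secret)
            return audit(weak), audit(safe)
    finally:
        os.umask(old_umask)


if __name__ == "__main__":
    print(demo())
    print(audit() or "no finding for " + KEYRING)
```

Running the script on a host prepared with ceph-deploy reports whether the admin keyring at the advisory's path is accessible to other local users.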
References
- github.com/advisories/GHSA-79jf-ccm8-43w7
- github.com/ceph/ceph-deploy
- github.com/ceph/ceph-deploy/commit/9f9fd6e3372043bd2fd67582324c8fb5d7aa361e
- github.com/ceph/ceph-deploy/pull/300
- github.com/pypa/advisory-database/tree/main/vulns/ceph-deploy/PYSEC-2015-3.yaml
- nvd.nist.gov/vuln/detail/CVE-2015-4053
- web.archive.org/web/20200228093353/http://www.securityfocus.com/bid/74775