DEBIAN-CVE-2018-16889

DEBIAN-CVE-2018-16889 PUBLISHED CVSS 7.5 HIGH

Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable.

Risk Scores

CVSS v3.0

7.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
Debian:14	ceph	0, 0, 0
Debian:12	ceph	0, 0, 0
Debian:13	ceph	0, 0, 0
Debian:11	ceph	0, 0, 0

Timeline

Jan 28, 2019 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2018-16889 advisory

Open in Interactive Console →