VDB

RHSA-2018%3A2179

RHSA-2018%3A2179 PUBLISHED CVSS 5.900000095367432 MEDIUM

It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to the ceph cluster network who is also able to sniff packets on the network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service.

Risk Scores

CVSS 3.0
5.900000095367432
CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L

Affected Products

VendorProductVersions
Red HatRed Hat Ceph Storage 3 for Ubuntu

Timeline

  • Jul 11, 2018 CVE Published
  • Nov 21, 2025 CVE Updated
  • Apr 30, 2026 Distribution Patch
  • Apr 30, 2026 Distribution Patch
  • Apr 30, 2026 Security Advisory
  • Apr 30, 2026 Security Advisory
  • Apr 30, 2026 Security Advisory
  • Apr 30, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›