VDB
RHSA-2018%3A2179
RHSA-2018%3A2179
PUBLISHED
CVSS 5.900000095367432 MEDIUM
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to the ceph cluster network who is also able to sniff packets on the network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service.
Risk Scores
CVSS 3.0
5.900000095367432
CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat Ceph Storage 3 for Ubuntu |
Timeline
- Jul 11, 2018 CVE Published
- Nov 21, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2018:2179 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1575866 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1576057 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1593308 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2179.json advisory
- https://access.redhat.com/security/cve/CVE-2018-1128 advisory
- https://www.cve.org/CVERecord?id=CVE-2018-1128 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2018-1128 advisory
- https://access.redhat.com/security/cve/CVE-2018-1129 advisory
- https://www.cve.org/CVERecord?id=CVE-2018-1129 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2018-1129 advisory
- https://access.redhat.com/security/cve/CVE-2018-10861 advisory
- https://www.cve.org/CVERecord?id=CVE-2018-10861 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2018-10861 advisory