CVE-2018-14662 LOW

CVE-2018-14662

Vendor [Unknown]

Product ceph

Weakness CWE-285

Published January 15, 2019

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

3.5/10

Attack vector Adjacent

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.

Key dates

02Disclosure timeline

January 15, 2019 CVE published

August 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2018-14662

Related vulnerabilities

04Related CVE

CVE-2026-35407 Saleor has Cross-Account Email Change via Unbound Confirmation Token CVE-2024-39597 [CVE-2024-39597] Improper Authorization Checks on Early Login Composable Storefront B2B sites of SAP Commerce CVE-2026-7091 code-projects Invoice System in Laravel User Management user improper authorization CVE-2025-49594 XWiki OIDC Authenticator vulnerable to creation of token for any user with just `view` right CVE-2022-36838