CVE-2018-1128
Publication date 10 July 2018
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.
Status
Package | Ubuntu Release | Status |
---|---|---|
ceph | 24.04 LTS noble |
Not affected
|
22.04 LTS jammy |
Not affected
|
|
20.04 LTS focal |
Not affected
|
|
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty |
Vulnerable
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.5 · High |
Attack vector | Adjacent |
Attack complexity | High |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |