CVE-2018-16889

HIGH7.5EPSS 0.07%

Published: 1/28/2019Modified: 4/28/2026

Description

Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable.

Affected packages (1)

Debian/cephfrom 0, < 12.2.11+dfsg1-1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2018-16889