ceph-deploy before 1.5.23 uses weak permissions (644) for ceph/ceph.client.admin.keyring
, which allows local users to obtain sensitive information by reading the file.
{ "nvd_published_at": "2015-06-16T16:59:00Z", "cwe_ids": [ "CWE-200" ], "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2024-04-29T16:18:48Z" }