PYSEC-2015-2
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/ceph-deploy/PYSEC-2015-2.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2015-2
- Aliases
-
- CVE-2015-3010
- GHSA-9w4f-3v37-6f75
- Published
- 2015-06-16T16:59:00Z
- Modified
- 2024-04-29T16:41:33.582667Z
- Summary
- [none]
- Details
-
ceph-deploy before 1.5.23 uses weak permissions (644) for ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file.
- References
-
- http://www.openwall.com/lists/oss-security/2015/04/09/9
- http://rhn.redhat.com/errata/RHSA-2015-1092.html
- https://bugzilla.suse.com/show_bug.cgi?id=920926
- https://github.com/ceph/ceph-deploy/pull/272
- http://www.openwall.com/lists/oss-security/2015/04/09/11
- https://github.com/ceph/ceph-deploy/commit/eee56770393bf19ed2dd5389226c6190c08dee3f
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155576.html
- http://www.securityfocus.com/bid/74043
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155631.html
Affected packages
PyPI / ceph-deploy
Package
- Name
- ceph-deploy
- View open source insights on deps.dev
- Purl
- pkg:pypi/ceph-deploy
Affected ranges
- Type
- GIT
- Repo
- https://github.com/ceph/ceph-deploy
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.5.23