Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-ssk3-kfn8-vuhy

Summary ceph: debug logging for v4 auth does not sanitize encryption keys

Aliases

alias	CVE-2018-16889

Fixed_packages

url	pkg:deb/debian/ceph@12.2.11%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/ceph@12.2.11%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ceph@12.2.11%252Bdfsg1-1%3Fdistro=trixie

url pkg:deb/debian/ceph@12.2.11%2Bdfsg1-2.1

purl pkg:deb/debian/ceph@12.2.11%2Bdfsg1-2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18bk-met9-qfc9

vulnerability	VCID-1fhp-86sm-bqe5

vulnerability	VCID-1yz5-m9s7-nqdm

vulnerability	VCID-36gd-352p-n7b7

vulnerability	VCID-3pwt-4j1y-dbg6

vulnerability	VCID-47cr-h639-tqd4

vulnerability	VCID-4mk7-e67u-zkgy

vulnerability	VCID-54nw-yq6d-2ueu

vulnerability	VCID-5bgn-2pbq-6yd1

vulnerability	VCID-6kbn-psnc-q3cy

vulnerability	VCID-7k2s-fmzx-a3d8

vulnerability	VCID-9e77-3unf-r3hu

vulnerability	VCID-a4u3-63ez-gfbc

vulnerability	VCID-gjne-rqt9-jqc5

vulnerability	VCID-kxvn-yjm8-3ygt

vulnerability	VCID-m5wq-1w2k-9khk

vulnerability	VCID-nczx-qfyh-xubz

vulnerability	VCID-pp2v-1dp5-4bbd

vulnerability	VCID-qkp7-s947-ufcu

vulnerability	VCID-r1ah-c6z7-vyen

vulnerability	VCID-rukb-cwpx-q3hy

vulnerability	VCID-zbwp-sfx4-xke7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ceph@12.2.11%252Bdfsg1-2.1

url	pkg:deb/debian/ceph@14.2.21-1?distro=trixie
purl	pkg:deb/debian/ceph@14.2.21-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ceph@14.2.21-1%3Fdistro=trixie

url pkg:deb/debian/ceph@16.2.15%2Bds-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/ceph@16.2.15%2Bds-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18bk-met9-qfc9

vulnerability	VCID-1yz5-m9s7-nqdm

vulnerability	VCID-r1ah-c6z7-vyen

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ceph@16.2.15%252Bds-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/ceph@18.2.7%2Bds-1?distro=trixie

purl pkg:deb/debian/ceph@18.2.7%2Bds-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18bk-met9-qfc9

vulnerability	VCID-1yz5-m9s7-nqdm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ceph@18.2.7%252Bds-1%3Fdistro=trixie

url	pkg:deb/debian/ceph@18.2.8%2Bds-1?distro=trixie
purl	pkg:deb/debian/ceph@18.2.8%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ceph@18.2.8%252Bds-1%3Fdistro=trixie

Affected_packages

url pkg:deb/debian/ceph@0.80.7-1~bpo70%2B1

purl pkg:deb/debian/ceph@0.80.7-1~bpo70%2B1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18bk-met9-qfc9

vulnerability	VCID-1fhp-86sm-bqe5

vulnerability	VCID-1yz5-m9s7-nqdm

vulnerability	VCID-36gd-352p-n7b7

vulnerability	VCID-3pwt-4j1y-dbg6

vulnerability	VCID-47cr-h639-tqd4

vulnerability	VCID-4mk7-e67u-zkgy

vulnerability	VCID-54nw-yq6d-2ueu

vulnerability	VCID-5bgn-2pbq-6yd1

vulnerability	VCID-6kbn-psnc-q3cy

vulnerability	VCID-7k2s-fmzx-a3d8

vulnerability	VCID-9e77-3unf-r3hu

vulnerability	VCID-a4u3-63ez-gfbc

vulnerability	VCID-axaa-8h31-j3gd

vulnerability	VCID-bdcb-c7nj-j7gw

vulnerability	VCID-bysx-t7fz-5kdk

vulnerability	VCID-cm58-jgsb-7yaf

vulnerability	VCID-d8ft-cst1-5yh5

vulnerability	VCID-fy1p-qh8k-m7b8

vulnerability	VCID-gj55-s7r1-f3b4

vulnerability	VCID-gjne-rqt9-jqc5

vulnerability	VCID-hqp5-p9fs-t3dk

vulnerability	VCID-kxvn-yjm8-3ygt

vulnerability	VCID-m5wq-1w2k-9khk

vulnerability	VCID-nczx-qfyh-xubz

vulnerability	VCID-pp2v-1dp5-4bbd

vulnerability	VCID-qkp7-s947-ufcu

vulnerability	VCID-qr8p-ec3h-37at

vulnerability	VCID-r1ah-c6z7-vyen

vulnerability	VCID-rukb-cwpx-q3hy

vulnerability	VCID-ss2f-8hxs-myb1

vulnerability	VCID-ssk3-kfn8-vuhy

vulnerability	VCID-xsvh-emr7-r7as

vulnerability	VCID-yr1z-udw9-mfha

vulnerability	VCID-zbwp-sfx4-xke7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ceph@0.80.7-1~bpo70%252B1

url pkg:deb/debian/ceph@0.80.7-2

purl pkg:deb/debian/ceph@0.80.7-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18bk-met9-qfc9

vulnerability	VCID-1fhp-86sm-bqe5

vulnerability	VCID-1yz5-m9s7-nqdm

vulnerability	VCID-36gd-352p-n7b7

vulnerability	VCID-3pwt-4j1y-dbg6

vulnerability	VCID-47cr-h639-tqd4

vulnerability	VCID-4mk7-e67u-zkgy

vulnerability	VCID-54nw-yq6d-2ueu

vulnerability	VCID-5bgn-2pbq-6yd1

vulnerability	VCID-6kbn-psnc-q3cy

vulnerability	VCID-7k2s-fmzx-a3d8

vulnerability	VCID-9e77-3unf-r3hu

vulnerability	VCID-a4u3-63ez-gfbc

vulnerability	VCID-axaa-8h31-j3gd

vulnerability	VCID-bdcb-c7nj-j7gw

vulnerability	VCID-bysx-t7fz-5kdk

vulnerability	VCID-cm58-jgsb-7yaf

vulnerability	VCID-d8ft-cst1-5yh5

vulnerability	VCID-fy1p-qh8k-m7b8

vulnerability	VCID-gj55-s7r1-f3b4

vulnerability	VCID-gjne-rqt9-jqc5

vulnerability	VCID-hqp5-p9fs-t3dk

vulnerability	VCID-kxvn-yjm8-3ygt

vulnerability	VCID-m5wq-1w2k-9khk

vulnerability	VCID-nczx-qfyh-xubz

vulnerability	VCID-pp2v-1dp5-4bbd

vulnerability	VCID-qkp7-s947-ufcu

vulnerability	VCID-qr8p-ec3h-37at

vulnerability	VCID-r1ah-c6z7-vyen

vulnerability	VCID-rukb-cwpx-q3hy

vulnerability	VCID-ss2f-8hxs-myb1

vulnerability	VCID-ssk3-kfn8-vuhy

vulnerability	VCID-xsvh-emr7-r7as

vulnerability	VCID-yr1z-udw9-mfha

vulnerability	VCID-zbwp-sfx4-xke7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ceph@0.80.7-2

url pkg:deb/debian/ceph@0.80.7-2%2Bdeb8u2

purl pkg:deb/debian/ceph@0.80.7-2%2Bdeb8u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18bk-met9-qfc9

vulnerability	VCID-1fhp-86sm-bqe5

vulnerability	VCID-1yz5-m9s7-nqdm

vulnerability	VCID-36gd-352p-n7b7

vulnerability	VCID-3pwt-4j1y-dbg6

vulnerability	VCID-47cr-h639-tqd4

vulnerability	VCID-4mk7-e67u-zkgy

vulnerability	VCID-54nw-yq6d-2ueu

vulnerability	VCID-5bgn-2pbq-6yd1

vulnerability	VCID-6kbn-psnc-q3cy

vulnerability	VCID-7k2s-fmzx-a3d8

vulnerability	VCID-9e77-3unf-r3hu

vulnerability	VCID-a4u3-63ez-gfbc

vulnerability	VCID-axaa-8h31-j3gd

vulnerability	VCID-bdcb-c7nj-j7gw

vulnerability	VCID-bysx-t7fz-5kdk

vulnerability	VCID-cm58-jgsb-7yaf

vulnerability	VCID-d8ft-cst1-5yh5

vulnerability	VCID-fy1p-qh8k-m7b8

vulnerability	VCID-gj55-s7r1-f3b4

vulnerability	VCID-gjne-rqt9-jqc5

vulnerability	VCID-hqp5-p9fs-t3dk

vulnerability	VCID-kxvn-yjm8-3ygt

vulnerability	VCID-m5wq-1w2k-9khk

vulnerability	VCID-nczx-qfyh-xubz

vulnerability	VCID-pp2v-1dp5-4bbd

vulnerability	VCID-qkp7-s947-ufcu

vulnerability	VCID-qr8p-ec3h-37at

vulnerability	VCID-r1ah-c6z7-vyen

vulnerability	VCID-rukb-cwpx-q3hy

vulnerability	VCID-ss2f-8hxs-myb1

vulnerability	VCID-ssk3-kfn8-vuhy

vulnerability	VCID-xsvh-emr7-r7as

vulnerability	VCID-yr1z-udw9-mfha

vulnerability	VCID-zbwp-sfx4-xke7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ceph@0.80.7-2%252Bdeb8u2

url pkg:deb/debian/ceph@0.80.10-2~bpo8%2B1

purl pkg:deb/debian/ceph@0.80.10-2~bpo8%2B1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18bk-met9-qfc9

vulnerability	VCID-1fhp-86sm-bqe5

vulnerability	VCID-1yz5-m9s7-nqdm

vulnerability	VCID-36gd-352p-n7b7

vulnerability	VCID-3pwt-4j1y-dbg6

vulnerability	VCID-47cr-h639-tqd4

vulnerability	VCID-4mk7-e67u-zkgy

vulnerability	VCID-54nw-yq6d-2ueu

vulnerability	VCID-5bgn-2pbq-6yd1

vulnerability	VCID-6kbn-psnc-q3cy

vulnerability	VCID-7k2s-fmzx-a3d8

vulnerability	VCID-9e77-3unf-r3hu

vulnerability	VCID-a4u3-63ez-gfbc

vulnerability	VCID-axaa-8h31-j3gd

vulnerability	VCID-bdcb-c7nj-j7gw

vulnerability	VCID-cm58-jgsb-7yaf

vulnerability	VCID-d8ft-cst1-5yh5

vulnerability	VCID-fy1p-qh8k-m7b8

vulnerability	VCID-gj55-s7r1-f3b4

vulnerability	VCID-gjne-rqt9-jqc5

vulnerability	VCID-hqp5-p9fs-t3dk

vulnerability	VCID-kxvn-yjm8-3ygt

vulnerability	VCID-m5wq-1w2k-9khk

vulnerability	VCID-nczx-qfyh-xubz

vulnerability	VCID-pp2v-1dp5-4bbd

vulnerability	VCID-qkp7-s947-ufcu

vulnerability	VCID-qr8p-ec3h-37at

vulnerability	VCID-r1ah-c6z7-vyen

vulnerability	VCID-rukb-cwpx-q3hy

vulnerability	VCID-ss2f-8hxs-myb1

vulnerability	VCID-ssk3-kfn8-vuhy

vulnerability	VCID-xsvh-emr7-r7as

vulnerability	VCID-yr1z-udw9-mfha

vulnerability	VCID-zbwp-sfx4-xke7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ceph@0.80.10-2~bpo8%252B1

url pkg:deb/debian/ceph@10.2.5-6~bpo8%2B1

purl pkg:deb/debian/ceph@10.2.5-6~bpo8%2B1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18bk-met9-qfc9

vulnerability	VCID-1fhp-86sm-bqe5

vulnerability	VCID-1yz5-m9s7-nqdm

vulnerability	VCID-36gd-352p-n7b7

vulnerability	VCID-3pwt-4j1y-dbg6

vulnerability	VCID-47cr-h639-tqd4

vulnerability	VCID-4mk7-e67u-zkgy

vulnerability	VCID-54nw-yq6d-2ueu

vulnerability	VCID-5bgn-2pbq-6yd1

vulnerability	VCID-6kbn-psnc-q3cy

vulnerability	VCID-7k2s-fmzx-a3d8

vulnerability	VCID-9e77-3unf-r3hu

vulnerability	VCID-a4u3-63ez-gfbc

vulnerability	VCID-axaa-8h31-j3gd

vulnerability	VCID-bdcb-c7nj-j7gw

vulnerability	VCID-d8ft-cst1-5yh5

vulnerability	VCID-fy1p-qh8k-m7b8

vulnerability	VCID-gjne-rqt9-jqc5

vulnerability	VCID-hqp5-p9fs-t3dk

vulnerability	VCID-kxvn-yjm8-3ygt

vulnerability	VCID-m5wq-1w2k-9khk

vulnerability	VCID-nczx-qfyh-xubz

vulnerability	VCID-pp2v-1dp5-4bbd

vulnerability	VCID-qkp7-s947-ufcu

vulnerability	VCID-r1ah-c6z7-vyen

vulnerability	VCID-rukb-cwpx-q3hy

vulnerability	VCID-ssk3-kfn8-vuhy

vulnerability	VCID-xsvh-emr7-r7as

vulnerability	VCID-yr1z-udw9-mfha

vulnerability	VCID-zbwp-sfx4-xke7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ceph@10.2.5-6~bpo8%252B1

url pkg:deb/debian/ceph@10.2.11-2

purl pkg:deb/debian/ceph@10.2.11-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18bk-met9-qfc9

vulnerability	VCID-1fhp-86sm-bqe5

vulnerability	VCID-1yz5-m9s7-nqdm

vulnerability	VCID-36gd-352p-n7b7

vulnerability	VCID-3pwt-4j1y-dbg6

vulnerability	VCID-47cr-h639-tqd4

vulnerability	VCID-4mk7-e67u-zkgy

vulnerability	VCID-54nw-yq6d-2ueu

vulnerability	VCID-5bgn-2pbq-6yd1

vulnerability	VCID-6kbn-psnc-q3cy

vulnerability	VCID-7k2s-fmzx-a3d8

vulnerability	VCID-9e77-3unf-r3hu

vulnerability	VCID-a4u3-63ez-gfbc

vulnerability	VCID-axaa-8h31-j3gd

vulnerability	VCID-bdcb-c7nj-j7gw

vulnerability	VCID-d8ft-cst1-5yh5

vulnerability	VCID-fy1p-qh8k-m7b8

vulnerability	VCID-gjne-rqt9-jqc5

vulnerability	VCID-kxvn-yjm8-3ygt

vulnerability	VCID-m5wq-1w2k-9khk

vulnerability	VCID-nczx-qfyh-xubz

vulnerability	VCID-pp2v-1dp5-4bbd

vulnerability	VCID-qkp7-s947-ufcu

vulnerability	VCID-r1ah-c6z7-vyen

vulnerability	VCID-rukb-cwpx-q3hy

vulnerability	VCID-ssk3-kfn8-vuhy

vulnerability	VCID-xsvh-emr7-r7as

vulnerability	VCID-yr1z-udw9-mfha

vulnerability	VCID-zbwp-sfx4-xke7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ceph@10.2.11-2

url pkg:rpm/redhat/ceph@2:12.2.12-45?arch=el7cp

purl pkg:rpm/redhat/ceph@2:12.2.12-45?arch=el7cp

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fy1p-qh8k-m7b8

vulnerability	VCID-ssk3-kfn8-vuhy

vulnerability	VCID-yr1z-udw9-mfha

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ceph@2:12.2.12-45%3Farch=el7cp

url pkg:rpm/redhat/ceph-ansible@3.2.24-1?arch=el7cp

purl pkg:rpm/redhat/ceph-ansible@3.2.24-1?arch=el7cp

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fy1p-qh8k-m7b8

vulnerability	VCID-ssk3-kfn8-vuhy

vulnerability	VCID-yr1z-udw9-mfha

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ceph-ansible@3.2.24-1%3Farch=el7cp

url pkg:rpm/redhat/ceph-iscsi-config@2.6-19?arch=el7cp

purl pkg:rpm/redhat/ceph-iscsi-config@2.6-19?arch=el7cp

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fy1p-qh8k-m7b8

vulnerability	VCID-ssk3-kfn8-vuhy

vulnerability	VCID-yr1z-udw9-mfha

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ceph-iscsi-config@2.6-19%3Farch=el7cp

url pkg:rpm/redhat/cephmetrics@2.0.6-1?arch=el7cp

purl pkg:rpm/redhat/cephmetrics@2.0.6-1?arch=el7cp

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fy1p-qh8k-m7b8

vulnerability	VCID-ssk3-kfn8-vuhy

vulnerability	VCID-yr1z-udw9-mfha

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cephmetrics@2.0.6-1%3Farch=el7cp

url pkg:rpm/redhat/libntirpc@1.7.4-1?arch=el7cp

purl pkg:rpm/redhat/libntirpc@1.7.4-1?arch=el7cp

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fy1p-qh8k-m7b8

vulnerability	VCID-ssk3-kfn8-vuhy

vulnerability	VCID-yr1z-udw9-mfha

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/libntirpc@1.7.4-1%3Farch=el7cp

url pkg:rpm/redhat/nfs-ganesha@2.7.4-10?arch=el7cp

purl pkg:rpm/redhat/nfs-ganesha@2.7.4-10?arch=el7cp

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fy1p-qh8k-m7b8

vulnerability	VCID-ssk3-kfn8-vuhy

vulnerability	VCID-yr1z-udw9-mfha

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nfs-ganesha@2.7.4-10%3Farch=el7cp

url pkg:rpm/redhat/python-crypto@2.6.1-16?arch=el7ost

purl pkg:rpm/redhat/python-crypto@2.6.1-16?arch=el7ost

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fy1p-qh8k-m7b8

vulnerability	VCID-ssk3-kfn8-vuhy

vulnerability	VCID-yr1z-udw9-mfha

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-crypto@2.6.1-16%3Farch=el7ost

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16889.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16889.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-16889

reference_id

reference_type

scores

value	0.00068
scoring_system	epss
scoring_elements	0.20917
published_at	2026-04-01T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20888
published_at	2026-04-16T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20977
published_at	2026-04-09T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20994
published_at	2026-04-11T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20951
published_at	2026-04-12T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20898
published_at	2026-04-13T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.21068
published_at	2026-04-02T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.21121
published_at	2026-04-04T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20836
published_at	2026-04-07T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20916
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-16889

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16889
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16889

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16889
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16889

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	http://www.securityfocus.com/bid/106528
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/106528

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1665334
reference_id	1665334
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1665334

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918969
reference_id	918969
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918969

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ceph::::::::
reference_id	cpe:2.3:a:redhat:ceph::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ceph::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-16889

reference_id

CVE-2018-16889

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-16889

reference_url	https://access.redhat.com/errata/RHSA-2019:2538
reference_id	RHSA-2019:2538
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2538

reference_url	https://access.redhat.com/errata/RHSA-2019:2541
reference_id	RHSA-2019:2541
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2541

reference_url	https://usn.ubuntu.com/4035-1/
reference_id	USN-4035-1
reference_type
scores
url	https://usn.ubuntu.com/4035-1/

Weaknesses

cwe_id	538
name	Insertion of Sensitive Information into Externally-Accessible File or Directory
description	The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.

cwe_id	532
name	Insertion of Sensitive Information into Log File
description	Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

cwe_id	20
name	Improper Input Validation
description	The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

cwe_id	200
name	Exposure of Sensitive Information to an Unauthorized Actor
description	The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

cwe_id	312
name	Cleartext Storage of Sensitive Information
description	The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

Exploits

Severity_range_score 5.0 - 7.5

Exploitability 0.5

Weighted_severity 6.8

Risk_score 3.4

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ssk3-kfn8-vuhy

Vulnerability Instance