Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/ceph-deploy@1.5.1
Type pypi
Namespace
Name ceph-deploy
Version 1.5.1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.5.23
Latest_non_vulnerable_version 1.5.23
Affected_by_vulnerabilities
0
url VCID-jvbr-1zfa-2ug8
vulnerability_id VCID-jvbr-1zfa-2ug8
summary The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2015-1092.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2015-1092.html
1
reference_url http://tracker.ceph.com/issues/11694
reference_id
reference_type
scores
url http://tracker.ceph.com/issues/11694
2
reference_url http://www.openwall.com/lists/oss-security/2015/04/09/9
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2015/04/09/9
3
reference_url http://www.openwall.com/lists/oss-security/2015/05/22/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2015/05/22/1
4
reference_url http://www.securityfocus.com/bid/74775
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/74775
fixed_packages
0
url pkg:pypi/ceph-deploy@1.5.23
purl pkg:pypi/ceph-deploy@1.5.23
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ceph-deploy@1.5.23
aliases CVE-2015-4053, PYSEC-2015-3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jvbr-1zfa-2ug8
1
url VCID-ttm9-cedd-t7eq
vulnerability_id VCID-ttm9-cedd-t7eq
summary ceph-deploy before 1.5.23 uses weak permissions (644) for ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155576.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155576.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155631.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155631.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2015-1092.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2015-1092.html
3
reference_url https://bugzilla.suse.com/show_bug.cgi?id=920926
reference_id
reference_type
scores
url https://bugzilla.suse.com/show_bug.cgi?id=920926
4
reference_url https://github.com/ceph/ceph-deploy/commit/eee56770393bf19ed2dd5389226c6190c08dee3f
reference_id
reference_type
scores
url https://github.com/ceph/ceph-deploy/commit/eee56770393bf19ed2dd5389226c6190c08dee3f
5
reference_url https://github.com/ceph/ceph-deploy/pull/272
reference_id
reference_type
scores
url https://github.com/ceph/ceph-deploy/pull/272
6
reference_url http://www.openwall.com/lists/oss-security/2015/04/09/11
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2015/04/09/11
7
reference_url http://www.openwall.com/lists/oss-security/2015/04/09/9
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2015/04/09/9
8
reference_url http://www.securityfocus.com/bid/74043
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/74043
fixed_packages
0
url pkg:pypi/ceph-deploy@1.5.23
purl pkg:pypi/ceph-deploy@1.5.23
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ceph-deploy@1.5.23
aliases CVE-2015-3010, PYSEC-2015-2
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ttm9-cedd-t7eq
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ceph-deploy@1.5.1