{"id":"CVE-2018-10861","details":"A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected.","modified":"2026-04-10T04:04:07.716261Z","published":"2018-07-10T14:29:00.213Z","related":["SUSE-SU-2018:1920-1","SUSE-SU-2018:2193-1","SUSE-SU-2018:2299-1","SUSE-SU-2018:2478-1","SUSE-SU-2019:0586-1","openSUSE-SU-2019:1284-1","openSUSE-SU-2024:10676-1"],"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/104742"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2179"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2177"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2261"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2274"},{"type":"ADVISORY","url":"https://www.debian.org/security/2018/dsa-4339"},{"type":"REPORT","url":"http://tracker.ceph.com/issues/24838"},{"type":"FIX","url":"https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1593308"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ceph/ceph","events":[{"introduced":"0"},{"last_affected":"3a9fba20ec743699b69bd0181dd6c54dc01c64b9"},{"introduced":"0"},{"last_affected":"3a66dd4f30852819c1bdaa8ec23c795d4ad77269"},{"introduced":"0"},{"last_affected":"45107e21c568dd033c2f0a3107dec8f0b0e58374"},{"introduced":"0"},{"last_affected":"ecc23778eb545d8dd55e2e4735b53cc93f92e65b"},{"introduced":"0"},{"last_affected":"9411351cc8ce9ee03fbd46225102fe3d28ddf611"},{"introduced":"0"},{"last_affected":"c461ee19ecbc0c5c330aca20f7392c9a00730367"},{"introduced":"0"},{"last_affected":"656b5b63ed7c43bd014bcafd81b001959d5f089f"},{"introduced":"0"},{"last_affected":"50e863e0f4bc8f4b9e31156de690d765af245185"},{"introduced":"0"},{"last_affected":"f5b1f1fd7c0be0506ba73502a675de9d048b744e"},{"introduced":"0"},{"last_affected":"2ee413f77150c0f375ff6f10edd6c8f9c7d060d0"},{"introduced":"0"},{"last_affected":"5dc1e4c05cb68dbf62ae6fce3f0700e4654fdbbe"},{"introduced":"0"},{"last_affected":"e4b061b47f07f583c92a050d9e84b1813a35671e"},{"introduced":"0"},{"last_affected":"32ce2a3ae5239ee33d6150705cdb24d43bab910c"},{"introduced":"0"},{"last_affected":"3e7492b9ada8bdc9a5cd0feafd42fbca27f9c38e"},{"introduced":"0"},{"last_affected":"cf0baeeeeba3b47f9427c6c97e2144b094b7e5ba"},{"introduced":"0"},{"last_affected":"2dab17a455c09584f2a85e6b10888337d1ec8949"},{"introduced":"0"},{"last_affected":"52085d5249a80c5f5121a76d6288429f35e4e77b"},{"introduced":"0"},{"last_affected":"cad919881333ac92274171586c827e01f554a70a"},{"introduced":"0"},{"last_affected":"488df8a1076c4f5fc5b8d18a90463262c438740f"},{"introduced":"0"},{"last_affected":"3ec878d1e53e1aeb47a9f619c49d9e7c0aa384d5"},{"introduced":"0"},{"last_affected":"f38fff5d093da678f6736c7a008511873c8d0fda"},{"introduced":"0"},{"last_affected":"5533ecdc0fda920179d7ad84e0aa65a127b20d77"},{"introduced":"0"},{"last_affected":"1d0909a0ace0d739990e3555707f415e61096d9c"},{"introduced":"0"},{"last_affected":"1d0909a0ace0d739990e3555707f415e61096d9c"},{"introduced":"0"},{"last_affected":"3c9db396aed1f773cbb3441dfb7a21f0b11ab3e1"},{"introduced":"0"},{"last_affected":"bd7989103911796eb5698cf208b0ccdc3370d707"},{"fixed":"975528f632f73fbffa3f1fee304e3bbe3296cffc"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"10.2.0"},{"introduced":"0"},{"last_affected":"10.2.1"},{"introduced":"0"},{"last_affected":"10.2.2"},{"introduced":"0"},{"last_affected":"10.2.3"},{"introduced":"0"},{"last_affected":"10.2.4"},{"introduced":"0"},{"last_affected":"10.2.5"},{"introduced":"0"},{"last_affected":"10.2.6"},{"introduced":"0"},{"last_affected":"10.2.7"},{"introduced":"0"},{"last_affected":"10.2.8"},{"introduced":"0"},{"last_affected":"10.2.9"},{"introduced":"0"},{"last_affected":"10.2.10"},{"introduced":"0"},{"last_affected":"10.2.11"},{"introduced":"0"},{"last_affected":"12.2.0"},{"introduced":"0"},{"last_affected":"12.2.1"},{"introduced":"0"},{"last_affected":"12.2.2"},{"introduced":"0"},{"last_affected":"12.2.3"},{"introduced":"0"},{"last_affected":"12.2.4"},{"introduced":"0"},{"last_affected":"12.2.5"},{"introduced":"0"},{"last_affected":"12.2.6"},{"introduced":"0"},{"last_affected":"12.2.7"},{"introduced":"0"},{"last_affected":"13.2.0"},{"introduced":"0"},{"last_affected":"13.2.1"},{"introduced":"0"},{"last_affected":"2"},{"introduced":"0"},{"last_affected":"2"},{"introduced":"0"},{"last_affected":"15.0"},{"introduced":"0"},{"last_affected":"9.0"}]}}],"versions":["rrygrvmctuzz-build-me","ses2-gm","v0.1","v0.18","v0.19","v0.2","v0.4","v0.5","v0.6","v0.7.1","v0.7.2","v0.7.3","v0.9","v0.93","v0.94","v0.94.1","v0.94.2","v0.94.3","v0.94.4","v0.94.5","v10.2.0","v10.2.1","v10.2.10","v10.2.11","v10.2.2","v10.2.3","v10.2.4","v10.2.5","v10.2.6","v10.2.7","v10.2.8","v10.2.9","v11.0.0","v12.1.4","v12.2.0","v12.2.1","v12.2.2","v12.2.3","v12.2.4","v12.2.5","v12.2.6","v12.2.7","v13.0.0","v13.1.0","v13.1.1","v13.2.0","v13.2.1","v14.0.0","v15.0.0","v9.0.0"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"3"}]},{"events":[{"introduced":"0"},{"last_affected":"3"}]},{"events":[{"introduced":"0"},{"last_affected":"3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-10861.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"}]}