{"id":"PYSEC-2015-2","details":"ceph-deploy before 1.5.23 uses weak permissions (644) for ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file.","aliases":["CVE-2015-3010","GHSA-9w4f-3v37-6f75"],"modified":"2024-04-29T16:41:33.582667Z","published":"2015-06-16T16:59:00Z","references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2015/04/09/9"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2015-1092.html"},{"type":"REPORT","url":"https://bugzilla.suse.com/show_bug.cgi?id=920926"},{"type":"WEB","url":"https://github.com/ceph/ceph-deploy/pull/272"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2015/04/09/11"},{"type":"FIX","url":"https://github.com/ceph/ceph-deploy/commit/eee56770393bf19ed2dd5389226c6190c08dee3f"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155576.html"},{"type":"WEB","url":"http://www.securityfocus.com/bid/74043"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155631.html"}],"affected":[{"package":{"name":"ceph-deploy","ecosystem":"PyPI","purl":"pkg:pypi/ceph-deploy"},"ranges":[{"type":"GIT","repo":"https://github.com/ceph/ceph-deploy","events":[{"introduced":"0"},{"fixed":"eee56770393bf19ed2dd5389226c6190c08dee3f"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.5.23"}]}],"versions":["1.1","1.2","1.2.1","1.2.2","1.2.3","1.2.5","1.2.6","1.2.7","1.3","1.3.1","1.3.2","1.3.3","1.3.5","1.4.0","1.5.0","1.5.1","1.5.10","1.5.11","1.5.12","1.5.13","1.5.14","1.5.16","1.5.17","1.5.18","1.5.19","1.5.2","1.5.20","1.5.21","1.5.22","1.5.3","1.5.4","1.5.5","1.5.6","1.5.7","1.5.8","1.5.9"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/ceph-deploy/PYSEC-2015-2.yaml"}}],"schema_version":"1.7.3"}