{"id":"PYSEC-2015-3","details":"The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file.","aliases":["CVE-2015-4053","GHSA-79jf-ccm8-43w7"],"modified":"2026-06-10T17:00:42.447020021Z","published":"2015-06-08T14:59:00Z","references":[{"type":"WEB","url":"http://tracker.ceph.com/issues/11694"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2015/04/09/9"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2015/05/22/1"},{"type":"WEB","url":"http://www.securityfocus.com/bid/74775"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2015-1092.html"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-79jf-ccm8-43w7"}],"affected":[{"package":{"name":"ceph-deploy","ecosystem":"PyPI","purl":"pkg:pypi/ceph-deploy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.5.23"}]}],"versions":["1.1","1.2","1.2.1","1.2.2","1.2.3","1.2.5","1.2.6","1.2.7","1.3","1.3.1","1.3.2","1.3.3","1.3.5","1.4.0","1.5.0","1.5.1","1.5.10","1.5.11","1.5.12","1.5.13","1.5.14","1.5.16","1.5.17","1.5.18","1.5.19","1.5.2","1.5.20","1.5.21","1.5.22","1.5.3","1.5.4","1.5.5","1.5.6","1.5.7","1.5.8","1.5.9"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/ceph-deploy/PYSEC-2015-3.yaml"}}],"schema_version":"1.7.5"}