AVG-1826 log

Package ceph
Status Vulnerable
Severity High
Type insufficient validation
Affected 15.2.10-1
Fixed Unknown
Current 15.2.10-1 [community]
Ticket FS#70451
Created Wed Apr 14 20:06:40 2021
Issue Severity Remote Type Description
CVE-2021-20288 High Yes Insufficient validation
An authentication flaw was found in ceph. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse....
References
https://www.openwall.com/lists/oss-security/2021/04/14/2
https://github.com/ceph/ceph/commit/f3a4166379b12d4a7bba667fe761e5b660552db1