cvedb.io
CVE-2018-16889
MEDIUM · CVSS 5.5
EPSS exploitation probability: 0%
Published 2019-01-28T14:29:00.220 · Last modified 2026-06-17T01:45:00.287

Summary

Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable.

Affected products

redhat — ceph

Does this affect you?

Add your gear to cvedb and we'll alert you only when redhat ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.