Endpoint Vulnerability

CVE-2015-3010ceph-deploy: keyring permissions are world readable in ceph

Description

It was discovered that ceph-deploy, a utility for deploying Red Hat Ceph Storage, would create the keyring file with world readable permissions, which could possibly allow a local user to obtain authentication credentials from the keyring file.

Affected Products

ceph-deploy

References

CVE-2015-3010,