debian · CVE-2018-1128

Quick triage

Priority: not yet assigned Published: Updated: Tue, 07 Jul 2026 02:04:12 GMT

View at Official debian advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2018-1128 not yet assigned priority: Debian including 2 source packages (ceph, linux), 10 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 10.

Description:

It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.

cvelogic Threat Intelligence