Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Upstream Patch: https://github.com/ceph/ceph/pull/25881/commits Upstream Bug: http://tracker.ceph.com/issues/37847
Created ceph tracking bugs for this issue: Affects: fedora-all [bug 1665335]
This issue has been addressed in the following products: Red Hat Ceph Storage 3.3 Via RHSA-2019:2538 https://access.redhat.com/errata/RHSA-2019:2538
This issue has been addressed in the following products: Red Hat Ceph Storage 3 for Red Hat Enterprise Linux 7 Via RHSA-2019:2541 https://access.redhat.com/errata/RHSA-2019:2541
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-16889