
=====================================================================

                            CERT-Renater

                Information Note No. 2026/VULN061
_____________________________________________________________________

DATE                : 22/01/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running pybind (ceph) versions prior to
                                20.2.1, 19.2.4, 18.2.9.

=====================================================================
https://github.com/ceph/ceph/security/advisories/GHSA-xj9f-7g59-m4jx
_____________________________________________________________________


Incorrect usage of certificate checking via Pybind use
Moderate
mctaggatart published GHSA-xj9f-7g59-m4jx Jan 21, 2026

Package
pybind (ceph)

Affected versions
>= v15.1.0

Patched versions
v20.2.1, v19.2.4, v18.2.9


Description:
A vulnerability was found in how Ceph uses Pybind, which does not
implement correct certificate checking. No SSL context is passed to
the imaplib.IMAP4_SSL or smtplib.SMTP_SSL constructors. As a result,
pybind does not check the server's X.509 certificate and instead
accepts any certificate. This can allow an attacker to compromise
mail server credentials or mail contents via a man-in-the-middle
(MITM) attack, impacting confidentiality and availability.
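
The pattern described above can be audited for in other Python code. The following is an added example, not part of the advisory or of the Ceph fix: it flags imaplib.IMAP4_SSL and smtplib.SMTP_SSL calls that pass no SSL context, next to corrected calls that pass ssl.create_default_context(). The name find_unverified_tls and the SAMPLE source are constructed for illustration, and the check assumes the context is passed by keyword.

```python
import ast

# Standard-library constructor -> keyword that carries the ssl.SSLContext.
TLS_CTORS = {"IMAP4_SSL": "ssl_context", "SMTP_SSL": "context"}

def find_unverified_tls(source: str) -> list[tuple[int, str]]:
    """Return (line, constructor) for calls that pass no SSL context."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        # Accept imaplib.IMAP4_SSL(...) and a bare imported IMAP4_SSL(...).
        name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", None)
        kw_name = TLS_CTORS.get(name)
        if kw_name is None:
            continue
        ctx = next((k.value for k in node.keywords if k.arg == kw_name), None)
        # A missing keyword and an explicit None both leave the library default.
        if ctx is None or (isinstance(ctx, ast.Constant) and ctx.value is None):
            findings.append((node.lineno, name))
    return sorted(findings)

# Constructed sample: two calls without a context, two corrected calls.
SAMPLE = '''\
import imaplib, smtplib, ssl

def fetch(host):
    return imaplib.IMAP4_SSL(host, 993)

def send(host):
    return smtplib.SMTP_SSL(host, 465, context=None)

def fetch_checked(host):
    ctx = ssl.create_default_context()  # CERT_REQUIRED + hostname check
    return imaplib.IMAP4_SSL(host, 993, ssl_context=ctx)

def send_checked(host):
    return smtplib.SMTP_SSL(host, 465, context=ssl.create_default_context())
'''

if __name__ == "__main__":
    for line, ctor in find_unverified_tls(SAMPLE):
        print(f"line {line}: {ctor} called without an SSL context")
```
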


Mitigation:
None


Fixed in:
IBM Storage Ceph 9.0.
Fixed via the following PRs:
#66089
20.2.1 #66140
19.2.4 #66141
18.2.9 #66142


Severity
Moderate
6.5 / 10

CVSS v3 base metrics
Attack vector       : Network
Attack complexity   : High
Privileges required : None
User interaction    : None
Scope               : Unchanged
Confidentiality     : High
Integrity           : Low
Availability        : None
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

CVE ID
CVE-2024-31884

Weaknesses
CWE-295


Credits

    @nitram2342 (Reporter)


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




