{
  "threat_severity" : "Moderate",
  "public_date" : "2026-01-20T00:00:00Z",
  "bugzilla" : {
    "description" : "pybind: Improper use of Pybind",
    "id" : "2389907",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2389907"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-295",
  "details" : [ "A flaw was found in Ceph. An attacker can allow Ceph to accept any certificate because no certificate context is passed via Pybind to the constructors imaplib.IMAP4_SSL or smtplib.SMTP_SSL. As a result, pybind pybind does not check the server's X.509\ncertificate, instead accepting any certificate. This enables an attacker to commit a Man In the Middle (MITM) attack, compromising mail server credentials or mail contents" ],
  "acknowledgement" : "Red Hat would like to thank Martin Schobert for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Ceph Storage 7.1",
    "release_date" : "2026-02-17T00:00:00Z",
    "advisory" : "RHSA-2026:2769",
    "cpe" : "cpe:/a:redhat:ceph_storage:7.1::el8",
    "package" : "ceph-2:18.2.1-381.el8cp"
  }, {
    "product_name" : "Red Hat Ceph Storage 8.1",
    "release_date" : "2026-02-16T00:00:00Z",
    "advisory" : "RHSA-2026:2711",
    "cpe" : "cpe:/a:redhat:ceph_storage:8.1::el9",
    "package" : "ceph-2:19.2.1-331.el9cp"
  }, {
    "product_name" : "Red Hat Ceph Storage 9.0",
    "release_date" : "2026-01-29T00:00:00Z",
    "advisory" : "RHSA-2026:1536",
    "cpe" : "cpe:/a:redhat:ceph_storage:9.0::el9",
    "package" : "ceph-2:20.1.0-144.el10cp"
  }, {
    "product_name" : "Red Hat Ceph Storage 7",
    "release_date" : "2026-02-17T00:00:00Z",
    "advisory" : "RHSA-2026:2800",
    "cpe" : "cpe:/a:redhat:ceph_storage:7::el9",
    "package" : "rhceph/rhceph-7-rhel9:sha256:485411749726179fe5cd880e2cf308261b35150e4b356ddb7100f52e02b2e353"
  }, {
    "product_name" : "Red Hat Ceph Storage 8",
    "release_date" : "2026-02-16T00:00:00Z",
    "advisory" : "RHSA-2026:2737",
    "cpe" : "cpe:/a:redhat:ceph_storage:8::el9",
    "package" : "rhceph/rhceph-8-rhel9:sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-31884\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-31884" ],
  "name" : "CVE-2024-31884",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}