Description
The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL.
A flaw was found in the Ceph RGW code that allows an anonymous user to list the contents of an RGW bucket, bypassing an ACL that should allow only authenticated users to list the bucket's contents.
Affected packages
| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| OpenStack Foreman | Ceph | Not affected | ||
| Red Hat Ceph Storage 2 | ceph | Not affected | ||
| Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse) | Ceph | Not affected | ||
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) | Ceph | Not affected | ||
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) Installer | Ceph | Not affected | ||
| Red Hat Ceph Storage 1.3 for Red Hat Enterprise Linux 7 | calamari-server | Fixed | RHSA-2016:1972 | 29.09.2016 |
| Red Hat Ceph Storage 1.3 for Red Hat Enterprise Linux 7 | ceph | Fixed | RHSA-2016:1972 | 29.09.2016 |
| Red Hat Ceph Storage 1.3 for Red Hat Enterprise Linux 7 | ceph-deploy | Fixed | RHSA-2016:1972 | 29.09.2016 |
| Red Hat Ceph Storage 1.3 for Red Hat Enterprise Linux 7 | radosgw-agent | Fixed | RHSA-2016:1972 | 29.09.2016 |
| Red Hat Ceph Storage 1.3 for Ubuntu | | Fixed | RHSA-2016:1973 | 29.09.2016 |
Additional information
Status:
EPSS
3 Low
CVSS3
4.9 Medium
CVSS2