Описание
A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability.
A flaw was found in the Red Hat Ceph Storage RGW. When processing a GET Request for a swift URL that ends with two slashes, it can cause the RGW to crash, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Отчет
- Red Hat OpenStack Platform deployments use the ceph package directly from the Ceph channel; the RHOSP package will not be updated at this time.
- This issue did not affect the versions of ceph as shipped with Red Hat Enterprise Linux 8 as they did not include support for RGW.
- Red Hat OpenShift Container Storage (RHOCS) 4 shipped ceph package for the usage of RHOCS 4.2 only, that has reached End Of Life. The shipped version of ceph package is no longer used and supported with the release of RHOCS 4.3.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ceph Storage 2 | ceph | Out of support scope | ||
| Red Hat Ceph Storage 3 | ceph | Out of support scope | ||
| Red Hat Ceph Storage 4 | ceph | Affected | ||
| Red Hat Enterprise Linux 7 | ceph-common | Out of support scope | ||
| Red Hat Enterprise Linux 8 | ceph | Not affected | ||
| Red Hat Enterprise Linux 9 | ceph | Not affected | ||
| Red Hat Openshift Container Storage 4 | ceph | Will not fix | ||
| Red Hat OpenStack Platform 13 (Queens) | ceph | Will not fix | ||
| Red Hat Ceph Storage 5.1 | ceph | Fixed | RHSA-2022:1174 | 04.04.2022 |
Показывать по
Дополнительная информация
Статус:
5.3 Medium
CVSS3
Связанные уязвимости
A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability.
A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability.
A flaw was found in the Red Hat Ceph Storage RGW in versions before 14 ...
A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability.
Уязвимость компонента RGW системы хранения данных Ceph, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю вызвать отказ в обслуживании
5.3 Medium
CVSS3