Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-43040

Опубликовано: 26 сент. 2023
Источник: redhat
CVSS3: 6.3
EPSS Средний

Описание

IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807.

A flaw was found in rgw. This flaw allows an unprivileged user to write to any bucket(s) accessible by a given key if a POST's form-data contains a key called 'bucket' with a value matching the bucket's name used to sign the request. This issue results in a user being able to upload to any bucket accessible by the specified access key as long as the bucket in the POST policy matches the bucket in the said POST form part.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Ceph Storage 3librgw2Will not fix
Red Hat Ceph Storage 4librgw2Affected
Red Hat Openshift Container Storage 4librgw2Affected
Red Hat Openshift Data Foundation 4librgw2Affected
Red Hat Ceph Storage 5.3cephFixedRHSA-2024:074508.02.2024
Red Hat Ceph Storage 5.3ceph-ansibleFixedRHSA-2024:074508.02.2024
Red Hat Ceph Storage 5.3haproxyFixedRHSA-2024:074508.02.2024
Red Hat Ceph Storage 6.1cephFixedRHSA-2023:569312.10.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=2216855rgw: improperly verified POST keys

EPSS

Процентиль: 93%
0.1017
Средний

6.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-43040

CVSS3: 6.5
ubuntu
больше 1 года назад

IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807.

nvd логотип

CVE-2023-43040

CVSS3: 6.5
nvd
больше 1 года назад

IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807.

msrc логотип

CVE-2023-43040

CVSS3: 6.5
msrc
больше 1 года назад

IBM Spectrum Fusion HCI improper access control

debian логотип

CVE-2023-43040

CVSS3: 6.5
debian
больше 1 года назад

IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to ...

github логотип

GHSA-fwhj-j6cr-5qw4

CVSS3: 6.5
github
больше 1 года назад

IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807.

EPSS

Процентиль: 93%
0.1017
Средний

6.3 Medium

CVSS3