Описание
IBM Storage Ceph 5.3z1, 5.3z5, and 6.1z1 could allow an authenticated user on the network to cause a denial of service from RGW. IBM X-Force ID: 268906.
A flaw was found in Ceph. Certain misconfigurations of CORS rules in Ceph could result in a significantly large memory allocation. This issue can lead to RGW crashing and a denial of service from an authenticated user on the network.
Отчет
Red Hat Enterprise Linux does not ship RGW, only the associated client libraries. Hence, versions of Ceph shipped in RHEL are not affected by this flaw.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ceph Storage 3 | ceph | Not affected | ||
| Red Hat Ceph Storage 4 | ceph | Not affected | ||
| Red Hat Enterprise Linux 8 | ceph | Not affected | ||
| Red Hat Enterprise Linux 9 | ceph | Not affected | ||
| Red Hat Openshift Container Storage 4 | ceph | Not affected | ||
| Red Hat Openshift Data Foundation 4 | ceph | Not affected | ||
| Red Hat OpenStack Platform 13 (Queens) | ceph | Not affected | ||
| Red Hat Ceph Storage 5.3 | ceph | Fixed | RHSA-2024:0745 | 08.02.2024 |
| Red Hat Ceph Storage 5.3 | ceph-ansible | Fixed | RHSA-2024:0745 | 08.02.2024 |
| Red Hat Ceph Storage 5.3 | haproxy | Fixed | RHSA-2024:0745 | 08.02.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
2.6 Low
CVSS3
Связанные уязвимости
IBM Storage Ceph 5.3z1, 5.3z5, and 6.1z1 could allow an authenticated user on the network to cause a denial of service from RGW. IBM X-Force ID: 268906.
IBM Storage Ceph 5.3z1, 5.3z5, and 6.1z1 could allow an authenticated user on the network to cause a denial of service from RGW. IBM X-Force ID: 268906.
EPSS
2.6 Low
CVSS3