Описание
RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h, and rgw/rgw_iam_types.h.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | released | 12.2.2-0ubuntu0.17.10.1 |
| devel | not-affected | 12.2.2-0ubuntu2 |
| esm-infra-legacy/trusty | not-affected | code not present |
| esm-infra/xenial | not-affected | code not present |
| precise/esm | not-affected | code not present |
| trusty | not-affected | code not present |
| trusty/esm | not-affected | code not present |
| upstream | released | 12.2.2 |
| xenial | not-affected | code not present |
| zesty | not-affected | code not present |
Показывать по
Ссылки на источники
4 Medium
CVSS2
6.5 Medium
CVSS3
Связанные уязвимости
RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h, and rgw/rgw_iam_types.h.
RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h, and rgw/rgw_iam_types.h.
RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticate ...
RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h, and rgw/rgw_iam_types.h.
4 Medium
CVSS2
6.5 Medium
CVSS3