vulnerability
Red Hat: CVE-2023-43040: Moderate: Red Hat Ceph Storage 6.1 security, enhancement, and bug fix update (RHSA-2023:5693)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:H/Au:N/C:N/I:C/A:P) | Oct 12, 2023 | Nov 1, 2023 | Feb 18, 2025 |
Severity
6
CVSS
(AV:N/AC:H/Au:N/C:N/I:C/A:P)
Published
Oct 12, 2023
Added
Nov 1, 2023
Modified
Feb 18, 2025
Description
A flaw was found in rgw. This flaw allows an unprivileged user to write to any bucket(s) accessible by a given key if a POST's form-data contains a key called 'bucket' with a value matching the bucket's name used to sign the request. This issue results in a user being able to upload to any bucket accessible by the specified access key as long as the bucket in the POST policy matches the bucket in the said POST form part.
Solutions
redhat-upgrade-ceph-baseredhat-upgrade-ceph-base-debuginforedhat-upgrade-ceph-commonredhat-upgrade-ceph-common-debuginforedhat-upgrade-ceph-debuginforedhat-upgrade-ceph-debugsourceredhat-upgrade-ceph-exporter-debuginforedhat-upgrade-ceph-fuseredhat-upgrade-ceph-fuse-debuginforedhat-upgrade-ceph-immutable-object-cacheredhat-upgrade-ceph-immutable-object-cache-debuginforedhat-upgrade-ceph-mds-debuginforedhat-upgrade-ceph-mgr-debuginforedhat-upgrade-ceph-mibredhat-upgrade-ceph-mon-debuginforedhat-upgrade-ceph-osd-debuginforedhat-upgrade-ceph-radosgw-debuginforedhat-upgrade-ceph-resource-agentsredhat-upgrade-ceph-selinuxredhat-upgrade-ceph-test-debuginforedhat-upgrade-cephadmredhat-upgrade-cephadm-ansibleredhat-upgrade-cephfs-mirror-debuginforedhat-upgrade-cephfs-topredhat-upgrade-libcephfs-develredhat-upgrade-libcephfs2redhat-upgrade-libcephfs2-debuginforedhat-upgrade-libcephsqlite-debuginforedhat-upgrade-librados-develredhat-upgrade-librados-devel-debuginforedhat-upgrade-libradospp-develredhat-upgrade-libradosstriper1redhat-upgrade-libradosstriper1-debuginforedhat-upgrade-librbd-develredhat-upgrade-librgw-develredhat-upgrade-librgw2redhat-upgrade-librgw2-debuginforedhat-upgrade-python3-ceph-argparseredhat-upgrade-python3-ceph-commonredhat-upgrade-python3-cephfsredhat-upgrade-python3-cephfs-debuginforedhat-upgrade-python3-radosredhat-upgrade-python3-rados-debuginforedhat-upgrade-python3-rbdredhat-upgrade-python3-rbd-debuginforedhat-upgrade-python3-rgwredhat-upgrade-python3-rgw-debuginforedhat-upgrade-rbd-fuse-debuginforedhat-upgrade-rbd-mirror-debuginforedhat-upgrade-rbd-nbdredhat-upgrade-rbd-nbd-debuginfo
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.