Lucene search

K
osvGoogleOSV:USN-6613-1
HistoryJan 29, 2024 - 6:08 p.m.

ceph vulnerability

2024-01-2918:08:52
Google
osv.dev
8
ceph
security
vulnerability
file upload
authorization
bypass
post requests

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L

AI Score

6.6

Confidence

Low

EPSS

0

Percentile

9.0%

Lucas Henry discovered that Ceph incorrectly handled specially
crafted POST requests. An uprivileged user could use this to
bypass Ceph’s authorization checks and upload a file to any bucket.

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L

AI Score

6.6

Confidence

Low

EPSS

0

Percentile

9.0%