3 matches found
PYSEC-2021-433
S3Scanner before 2.0.2 allows Directory Traversal via a crafted bucket, as demonstrated by a ../ substring in a ListBucketResult element...
ceph: ListBucket max-keys has no defined limit in the RGW codebase
A flaw was found in the way the ListBucket function max-keys has no defined limit in the RGW codebase. An authenticated ceph RGW user can cause a denial of service attack against OMAPs holding bucked indices...
CVE-2016-7031
The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL...