Lucene search

K
ubuntuUbuntuUSN-6613-1
HistoryJan 29, 2024 - 12:00 a.m.

Ceph vulnerability

2024-01-2900:00:00
ubuntu.com
15
ubuntu
ceph
vulnerability
authorization
post requests
file upload

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L

AI Score

6.8

Confidence

High

EPSS

0

Percentile

9.0%

Releases

  • Ubuntu 23.10
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 ESM
  • Ubuntu 16.04 ESM
  • Ubuntu 14.04 ESM

Packages

  • ceph - distributed storage and file system

Details

Lucas Henry discovered that Ceph incorrectly handled specially
crafted POST requests. An uprivileged user could use this to
bypass Ceph’s authorization checks and upload a file to any bucket.

Rows per page:
1-10 of 3931

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L

AI Score

6.8

Confidence

High

EPSS

0

Percentile

9.0%