Lucas Henry discovered that Ceph incorrectly handled specially
crafted POST requests. An uprivileged user could use this to
bypass Ceph’s authorization checks and upload a file to any bucket.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 23.10 | noarch | ceph | <Â 18.2.0-0ubuntu3.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | ceph-base | <Â 18.2.0-0ubuntu3.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | ceph-base-dbgsym | <Â 18.2.0-0ubuntu3.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | ceph-common | <Â 18.2.0-0ubuntu3.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | ceph-common-dbgsym | <Â 18.2.0-0ubuntu3.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | ceph-fuse | <Â 18.2.0-0ubuntu3.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | ceph-fuse-dbgsym | <Â 18.2.0-0ubuntu3.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | ceph-grafana-dashboards | <Â 18.2.0-0ubuntu3.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | ceph-immutable-object-cache | <Â 18.2.0-0ubuntu3.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | ceph-immutable-object-cache-dbgsym | <Â 18.2.0-0ubuntu3.1 | UNKNOWN |