Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:43695
HistoryOct 10, 2023 - 3:23 a.m.

Improper Access Control

2023-10-1003:23:18
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
improper access control
ceph
attacker compromise
malicious files
system attack.

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L

EPSS

0

Percentile

9.0%

ceph is vulnerable to Improper Access Control. An attacker could exploit this vulnerability to upload malicious files to any bucket accessible by the specified access key. This could allow the attacker to compromise the data stored in the bucket, or to launch further attacks against the system.

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L

EPSS

0

Percentile

9.0%