First published: Mon Jan 29 2024(Updated: )
Lucas Henry discovered that Ceph incorrectly handled specially crafted POST requests. An uprivileged user could use this to bypass Ceph's authorization checks and upload a file to any bucket.
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/ceph | <18.2.0-0ubuntu3.1 | 18.2.0-0ubuntu3.1 |
Ubuntu Ubuntu | =23.10 | |
All of | ||
ubuntu/ceph-base | <18.2.0-0ubuntu3.1 | 18.2.0-0ubuntu3.1 |
Ubuntu Ubuntu | =23.10 | |
All of | ||
ubuntu/ceph-common | <18.2.0-0ubuntu3.1 | 18.2.0-0ubuntu3.1 |
Ubuntu Ubuntu | =23.10 | |
All of | ||
ubuntu/ceph | <17.2.6-0ubuntu0.22.04.3 | 17.2.6-0ubuntu0.22.04.3 |
Ubuntu Ubuntu | =22.04 | |
All of | ||
ubuntu/ceph-base | <17.2.6-0ubuntu0.22.04.3 | 17.2.6-0ubuntu0.22.04.3 |
Ubuntu Ubuntu | =22.04 | |
All of | ||
ubuntu/ceph-common | <17.2.6-0ubuntu0.22.04.3 | 17.2.6-0ubuntu0.22.04.3 |
Ubuntu Ubuntu | =22.04 | |
All of | ||
ubuntu/ceph | <15.2.17-0ubuntu0.20.04.6 | 15.2.17-0ubuntu0.20.04.6 |
Ubuntu Ubuntu | =20.04 | |
All of | ||
ubuntu/ceph-base | <15.2.17-0ubuntu0.20.04.6 | 15.2.17-0ubuntu0.20.04.6 |
Ubuntu Ubuntu | =20.04 | |
All of | ||
ubuntu/ceph-common | <15.2.17-0ubuntu0.20.04.6 | 15.2.17-0ubuntu0.20.04.6 |
Ubuntu Ubuntu | =20.04 | |
All of | ||
ubuntu/ceph | <12.2.13-0ubuntu0.18.04.11+esm1 | 12.2.13-0ubuntu0.18.04.11+esm1 |
Ubuntu Ubuntu | =18.04 | |
All of | ||
ubuntu/ceph-base | <12.2.13-0ubuntu0.18.04.11+esm1 | 12.2.13-0ubuntu0.18.04.11+esm1 |
Ubuntu Ubuntu | =18.04 | |
All of | ||
ubuntu/ceph-common | <12.2.13-0ubuntu0.18.04.11+esm1 | 12.2.13-0ubuntu0.18.04.11+esm1 |
Ubuntu Ubuntu | =18.04 | |
All of | ||
ubuntu/ceph | <10.2.11-0ubuntu0.16.04.3+esm1 | 10.2.11-0ubuntu0.16.04.3+esm1 |
Ubuntu Ubuntu | =16.04 | |
All of | ||
ubuntu/ceph-common | <10.2.11-0ubuntu0.16.04.3+esm1 | 10.2.11-0ubuntu0.16.04.3+esm1 |
Ubuntu Ubuntu | =16.04 | |
All of | ||
ubuntu/ceph | <0.80.11-0ubuntu1.14.04.4+esm2 | 0.80.11-0ubuntu1.14.04.4+esm2 |
Ubuntu Ubuntu | =14.04 | |
All of | ||
ubuntu/ceph-common | <0.80.11-0ubuntu1.14.04.4+esm2 | 0.80.11-0ubuntu1.14.04.4+esm2 |
Ubuntu Ubuntu | =14.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.