0.004 Low
EPSS
Percentile
74.6%
A flaw was found in the way the ListBucket function max-keys has no defined limit in the RGW codebase. An authenticated ceph RGW user can cause a denial of service attack against OMAPs holding bucked indices.
bugzilla.redhat.com/show_bug.cgi?id=1644461
www.cve.org/CVERecord?id=CVE-2018-16846 https://nvd.nist.gov/vuln/detail/CVE-2018-16846 https://ceph.com/releases/13-2-4-mimic-released/