6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L
6.8 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.0%
Lucas Henry discovered that Ceph incorrectly handled specially
crafted POST requests. An uprivileged user could use this to
bypass Ceph’s authorization checks and upload a file to any bucket.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 23.10 | noarch | ceph | < 18.2.0-0ubuntu3.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | ceph-base | < 18.2.0-0ubuntu3.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | ceph-base-dbgsym | < 18.2.0-0ubuntu3.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | ceph-common | < 18.2.0-0ubuntu3.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | ceph-common-dbgsym | < 18.2.0-0ubuntu3.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | ceph-fuse | < 18.2.0-0ubuntu3.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | ceph-fuse-dbgsym | < 18.2.0-0ubuntu3.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | ceph-grafana-dashboards | < 18.2.0-0ubuntu3.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | ceph-immutable-object-cache | < 18.2.0-0ubuntu3.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | ceph-immutable-object-cache-dbgsym | < 18.2.0-0ubuntu3.1 | UNKNOWN |
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L
6.8 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.0%