UbuntuUSN-6613-1Ceph vulnerability
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L
6.8 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.0%
Releases
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 ESM
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Packages
- ceph - distributed storage and file system
Details
Lucas Henry discovered that Ceph incorrectly handled specially
crafted POST requests. An uprivileged user could use this to
bypass Ceph’s authorization checks and upload a file to any bucket.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 23.10 | noarch | ceph | < 18.2.0-0ubuntu3.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | ceph-base | < 18.2.0-0ubuntu3.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | ceph-base-dbgsym | < 18.2.0-0ubuntu3.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | ceph-common | < 18.2.0-0ubuntu3.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | ceph-common-dbgsym | < 18.2.0-0ubuntu3.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | ceph-fuse | < 18.2.0-0ubuntu3.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | ceph-fuse-dbgsym | < 18.2.0-0ubuntu3.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | ceph-grafana-dashboards | < 18.2.0-0ubuntu3.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | ceph-immutable-object-cache | < 18.2.0-0ubuntu3.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | ceph-immutable-object-cache-dbgsym | < 18.2.0-0ubuntu3.1 | UNKNOWN |
References
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L
6.8 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.0%