Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument `x-amz-copy-source` to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no known patched versions exist.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HRed Hat Ceph
APPRedhat≤ 19.2.3
Powiązane podatności
A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileg...
User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in po...
A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it d...
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to re...
In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw d...