HIGH🇵🇱 Wersja polska

CVE-2024-47866

CVSS 7.5v3.1pub. 2025-11-12upd. 2025-12-31

Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument `x-amz-copy-source` to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no known patched versions exist.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Red Hat Ceph

    APP
    Redhat
    ≤ 19.2.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-3650HIGH7.8ten sam produkt

A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileg...

CVE-2020-27781HIGH7.1ten sam produkt

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in po...

CVE-2020-25660HIGH8.8ten sam produkt

A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it d...

CVE-2018-1128HIGH7.5ten sam produkt

It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to re...

CVE-2018-7262HIGH7.5ten sam produkt

In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw d...