The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL.
References
Link | Resource |
---|---|
http://docs.ceph.com/docs/master/release-notes/#v10-0-1 | Release Notes Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2016-1972.html | Release Notes Third Party Advisory |
http://rhn.redhat.com/errata/RHSA-2016-1973.html | |
http://tracker.ceph.com/issues/13207 | Exploit Issue Tracking Vendor Advisory |
http://www.securityfocus.com/bid/93240 | |
https://github.com/ceph/ceph/pull/6057 | Patch Vendor Advisory |
http://docs.ceph.com/docs/master/release-notes/#v10-0-1 | Release Notes Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2016-1972.html | Release Notes Third Party Advisory |
http://rhn.redhat.com/errata/RHSA-2016-1973.html | |
http://tracker.ceph.com/issues/13207 | Exploit Issue Tracking Vendor Advisory |
http://www.securityfocus.com/bid/93240 | |
https://github.com/ceph/ceph/pull/6057 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:57
Type | Values Removed | Values Added |
---|---|---|
References | () http://docs.ceph.com/docs/master/release-notes/#v10-0-1 - Release Notes, Vendor Advisory | |
References | () http://rhn.redhat.com/errata/RHSA-2016-1972.html - Release Notes, Third Party Advisory | |
References | () http://rhn.redhat.com/errata/RHSA-2016-1973.html - | |
References | () http://tracker.ceph.com/issues/13207 - Exploit, Issue Tracking, Vendor Advisory | |
References | () http://www.securityfocus.com/bid/93240 - | |
References | () https://github.com/ceph/ceph/pull/6057 - Patch, Vendor Advisory |
Information
Published : 2016-10-03 18:59
Updated : 2024-11-21 02:57
NVD link : CVE-2016-7031
Mitre link : CVE-2016-7031
CVE.ORG link : CVE-2016-7031
JSON object : View
Products Affected
ceph_project
- ceph
redhat
- ceph_storage