vulnerability
CentOS Linux: CVE-2023-43040: Moderate: Red Hat Ceph Storage 6.1 security, enhancement, and bug fix update (CESA-2023:5693)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:H/Au:N/C:N/I:C/A:P) | Oct 12, 2023 | Nov 1, 2023 | Feb 18, 2025 |
Severity
6
CVSS
(AV:N/AC:H/Au:N/C:N/I:C/A:P)
Published
Oct 12, 2023
Added
Nov 1, 2023
Modified
Feb 18, 2025
Description
A flaw was found in rgw. This flaw allows an unprivileged user to write to any bucket(s) accessible by a given key if a POST's form-data contains a key called 'bucket' with a value matching the bucket's name used to sign the request. This issue results in a user being able to upload to any bucket accessible by the specified access key as long as the bucket in the POST policy matches the bucket in the said POST form part.
Solutions
centos-upgrade-ceph-basecentos-upgrade-ceph-base-debuginfocentos-upgrade-ceph-commoncentos-upgrade-ceph-common-debuginfocentos-upgrade-ceph-debuginfocentos-upgrade-ceph-debugsourcecentos-upgrade-ceph-exporter-debuginfocentos-upgrade-ceph-fusecentos-upgrade-ceph-fuse-debuginfocentos-upgrade-ceph-immutable-object-cachecentos-upgrade-ceph-immutable-object-cache-debuginfocentos-upgrade-ceph-mds-debuginfocentos-upgrade-ceph-mgr-debuginfocentos-upgrade-ceph-mibcentos-upgrade-ceph-mon-debuginfocentos-upgrade-ceph-osd-debuginfocentos-upgrade-ceph-radosgw-debuginfocentos-upgrade-ceph-resource-agentscentos-upgrade-ceph-selinuxcentos-upgrade-ceph-test-debuginfocentos-upgrade-cephadmcentos-upgrade-cephadm-ansiblecentos-upgrade-cephfs-mirror-debuginfocentos-upgrade-cephfs-topcentos-upgrade-libcephfs-develcentos-upgrade-libcephfs2centos-upgrade-libcephfs2-debuginfocentos-upgrade-libcephsqlite-debuginfocentos-upgrade-librados-develcentos-upgrade-librados-devel-debuginfocentos-upgrade-libradospp-develcentos-upgrade-libradosstriper1centos-upgrade-libradosstriper1-debuginfocentos-upgrade-librbd-develcentos-upgrade-librgw-develcentos-upgrade-librgw2centos-upgrade-librgw2-debuginfocentos-upgrade-python3-ceph-argparsecentos-upgrade-python3-ceph-commoncentos-upgrade-python3-cephfscentos-upgrade-python3-cephfs-debuginfocentos-upgrade-python3-radoscentos-upgrade-python3-rados-debuginfocentos-upgrade-python3-rbdcentos-upgrade-python3-rbd-debuginfocentos-upgrade-python3-rgwcentos-upgrade-python3-rgw-debuginfocentos-upgrade-rbd-fuse-debuginfocentos-upgrade-rbd-mirror-debuginfocentos-upgrade-rbd-nbdcentos-upgrade-rbd-nbd-debuginfo
References
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.