vulnerability
SUSE: CVE-2017-16818: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:N/I:N/A:P) | 2017-12-20 | 2018-05-19 | 2022-02-04 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Published
2017-12-20
Added
2018-05-19
Modified
2022-02-04
Description
RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h, and rgw/rgw_iam_types.h.
Solution(s)
suse-upgrade-ceph-commonsuse-upgrade-libcephfs-develsuse-upgrade-libcephfs2suse-upgrade-librados-develsuse-upgrade-librados2suse-upgrade-libradospp-develsuse-upgrade-libradosstriper-develsuse-upgrade-libradosstriper1suse-upgrade-librbd-develsuse-upgrade-librbd1suse-upgrade-librgw-develsuse-upgrade-librgw2suse-upgrade-python-cephfssuse-upgrade-python-radossuse-upgrade-python-rbdsuse-upgrade-python-rgwsuse-upgrade-python3-ceph-argparsesuse-upgrade-python3-ceph-commonsuse-upgrade-python3-cephfssuse-upgrade-python3-radossuse-upgrade-python3-rbdsuse-upgrade-python3-rgwsuse-upgrade-rados-objclass-develsuse-upgrade-rbd-nbd
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.