CVE-2017-16818
Published: 20 December 2017
RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h, and rgw/rgw_iam_types.h.
Priority
CVSS 3 base score: 6.5
Status
Package | Release | Status |
---|---|---|
ceph (Launchpad, Ubuntu, Debian) | upstream | Released (12.2.2) |
ceph | precise | Not vulnerable (code not present) |
ceph | trusty | Not vulnerable (code not present) |
ceph | xenial | Not vulnerable (code not present) |
ceph | zesty | Not vulnerable (code not present) |
ceph | artful | Released (12.2.2-0ubuntu0.17.10.1) |

Patches: upstream: https://github.com/ceph/ceph/commit/b3118cabb8060a8cc6a01c4e8264cb18e7b1745a