Back to bug 1372446
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Siddharth Sharma | 2016-09-01 18:24:02 UTC | Blocks | 1372443 | |
| Siddharth Sharma | 2016-09-01 18:34:47 UTC | Whiteboard | impact=moderate,public=20150923,reported=20160829,source=upstream,cvss2=4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P,ceph-1.3/ceph=affected | impact=moderate,public=20150923,reported=20160829,source=upstream,cvss2=4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P,ceph-1.3/ceph=affected,rhel-7/ceph=new,openstack-5-rhel5/ceph=new,openstack-5-rhel7/ceph=new,openstack-6-rhel7/ceph=new |
| Siddharth Sharma | 2016-09-01 19:01:01 UTC | Whiteboard | impact=moderate,public=20150923,reported=20160829,source=upstream,cvss2=4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P,ceph-1.3/ceph=affected,rhel-7/ceph=new,openstack-5-rhel5/ceph=new,openstack-5-rhel7/ceph=new,openstack-6-rhel7/ceph=new | impact=moderate,public=20150923,reported=20160829,source=upstream,cvss2=4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P,ceph-1.3/ceph=affected,ceph-2.0/ceph=notaffected,rhel-7/ceph=new,openstack-5-rhel5/ceph=new,openstack-5-rhel7/ceph=new,openstack-6-rhel7/ceph=new |
| Ken Dreyer (Red Hat) | 2016-09-01 22:30:57 UTC | See Also | https://bugzilla.redhat.com/show_bug.cgi?id=1372438 | |
| Siddharth Sharma | 2016-09-02 05:43:19 UTC | Whiteboard | impact=moderate,public=20150923,reported=20160829,source=upstream,cvss2=4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P,ceph-1.3/ceph=affected,ceph-2.0/ceph=notaffected,rhel-7/ceph=new,openstack-5-rhel5/ceph=new,openstack-5-rhel7/ceph=new,openstack-6-rhel7/ceph=new | impact=moderate,public=20150923,reported=20160829,source=upstream,cvss2=4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P,ceph-1.3/ceph=affected,ceph-2.0/ceph=notaffected,openstack-5-rhel5/ceph=new,openstack-5-rhel7/ceph=new,openstack-6-rhel7/ceph=new |
| Siddharth Sharma | 2016-09-02 05:44:47 UTC | Whiteboard | impact=moderate,public=20150923,reported=20160829,source=upstream,cvss2=4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P,ceph-1.3/ceph=affected,ceph-2.0/ceph=notaffected,openstack-5-rhel5/ceph=new,openstack-5-rhel7/ceph=new,openstack-6-rhel7/ceph=new | impact=moderate,public=20150923,reported=20160829,source=upstream,cvss2=4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P,ceph-1.3/ceph=affected,ceph-2.0/ceph=notaffected |
| Siddharth Sharma | 2016-09-02 05:47:37 UTC | Alias | CVE-2016-7031 | |
| Siddharth Sharma | 2016-09-02 05:47:42 UTC | Summary | RGW permits bucket listing when authenticated_users=read | CVE-2016-7031 RGW permits bucket listing when authenticated_users=read |
| Siddharth Sharma | 2016-09-02 05:56:35 UTC | Depends On | 1372572 | |
| Tomas Hoger | 2016-09-05 07:36:38 UTC | Summary | CVE-2016-7031 RGW permits bucket listing when authenticated_users=read | CVE-2016-7031 ceph: RGW permits bucket listing when authenticated_users=read |
| Summer Long | 2016-09-06 02:34:53 UTC | Whiteboard | impact=moderate,public=20150923,reported=20160829,source=upstream,cvss2=4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P,ceph-1.3/ceph=affected,ceph-2.0/ceph=notaffected | impact=moderate,public=20150923,reported=20160829,source=upstream,cvss2=4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P,ceph-1.3/ceph=affected,ceph-2.0/ceph=notaffected,openstack-5/Ceph=notaffected,openstack-6/Ceph=notaffected,openstack-foreman/Ceph=notaffected,openstack-6-installer/Ceph=notaffected |
| Summer Long | 2016-09-06 02:35:06 UTC | CC | aortega, apevec, ayoung, chrisw, cvsbot-xmlrpc, jschluet, kbasil, lhh, lpeer, markmc, mburns, rbryant, rhos-maint, sclewis, srevivo, tdecacqu | |
| Summer Long | 2016-09-06 02:37:23 UTC | Whiteboard | impact=moderate,public=20150923,reported=20160829,source=upstream,cvss2=4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P,ceph-1.3/ceph=affected,ceph-2.0/ceph=notaffected,openstack-5/Ceph=notaffected,openstack-6/Ceph=notaffected,openstack-foreman/Ceph=notaffected,openstack-6-installer/Ceph=notaffected | impact=moderate,public=20150923,reported=20160829,source=upstream,cvss2=4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P,ceph-1.3/ceph=affected,ceph-2.0/ceph=notaffected,openstack-5/Ceph=notaffected,openstack-6/Ceph=notaffected,openstack-foreman/Ceph=notaffected,openstack-6-installer/Ceph=notaffected,openstack-rdo/Ceph=notaffected |
| Summer Long | 2016-09-06 02:37:36 UTC | CC | lars | |
| Summer Long | 2016-09-06 02:41:48 UTC | CC | slong | |
| Whiteboard | impact=moderate,public=20150923,reported=20160829,source=upstream,cvss2=4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P,ceph-1.3/ceph=affected,ceph-2.0/ceph=notaffected,openstack-5/Ceph=notaffected,openstack-6/Ceph=notaffected,openstack-foreman/Ceph=notaffected,openstack-6-installer/Ceph=notaffected,openstack-rdo/Ceph=notaffected | impact=moderate,public=20150923,reported=20160829,source=upstream,cvss2=4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P,ceph-1.3/ceph=affected,ceph-2.0/ceph=notaffected,openstack-5/Ceph=notaffected,openstack-6/Ceph=notaffected,openstack-foreman/Ceph=notaffected,openstack-6-installer/Ceph=notaffected | ||
| Siddharth Sharma | 2016-09-26 05:40:05 UTC | Doc Text | A flaw was found in Ceph RGW code which allows anonymous user to list contents of RGW bucket. | |
| Eric Christensen | 2016-09-26 21:02:42 UTC | CC | sisharma, sparks | |
| Flags | needinfo?(sisharma) | |||
| Siddharth Sharma | 2016-09-27 04:20:38 UTC | Doc Text | A flaw was found in Ceph RGW code which allows anonymous user to list contents of RGW bucket. | A flaw was found in Ceph RGW code which allows anonymous user to list contents of RGW bucket by bypassing authenticated_users=read ACL which should only allow authenticated users to list contents of bucket. |
| Flags | needinfo?(sisharma) | |||
| Eric Christensen | 2016-09-27 16:22:44 UTC | Doc Text | A flaw was found in Ceph RGW code which allows anonymous user to list contents of RGW bucket by bypassing authenticated_users=read ACL which should only allow authenticated users to list contents of bucket. | A flaw was found in Ceph RGW code which allows an anonymous user to list contents of RGW bucket by bypassing authenticated_users=read ACL which should only allow authenticated users to list contents of bucket. |
| Eric Christensen | 2016-09-28 16:18:51 UTC | CC | sparks | |
| Doc Text | A flaw was found in Ceph RGW code which allows an anonymous user to list contents of RGW bucket by bypassing authenticated_users=read ACL which should only allow authenticated users to list contents of bucket. | A flaw was found in Ceph RGW code which allows an anonymous user to list contents of RGW bucket by bypassing ACL which should only allow authenticated users to list contents of bucket. | ||
| Siddharth Sharma | 2016-09-29 03:58:32 UTC | Whiteboard | impact=moderate,public=20150923,reported=20160829,source=upstream,cvss2=4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P,ceph-1.3/ceph=affected,ceph-2.0/ceph=notaffected,openstack-5/Ceph=notaffected,openstack-6/Ceph=notaffected,openstack-foreman/Ceph=notaffected,openstack-6-installer/Ceph=notaffected | impact=moderate,public=20150923,reported=20160829,source=upstream,cvss2=4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P,cvss3=CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N,ceph-1.3/ceph=affected,ceph-2.0/ceph=notaffected,openstack-5/Ceph=notaffected,openstack-6/Ceph=notaffected,openstack-foreman/Ceph=notaffected,openstack-6-installer/Ceph=notaffected |
| Siddharth Sharma | 2016-09-29 08:30:45 UTC | Whiteboard | impact=moderate,public=20150923,reported=20160829,source=upstream,cvss2=4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P,cvss3=CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N,ceph-1.3/ceph=affected,ceph-2.0/ceph=notaffected,openstack-5/Ceph=notaffected,openstack-6/Ceph=notaffected,openstack-foreman/Ceph=notaffected,openstack-6-installer/Ceph=notaffected | impact=moderate,public=20150923,reported=20160829,source=redhat,cvss2=4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P,cvss3=CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N,ceph-1.3/ceph=affected,ceph-2.0/ceph=notaffected,openstack-5/Ceph=notaffected,openstack-6/Ceph=notaffected,openstack-foreman/Ceph=notaffected,openstack-6-installer/Ceph=notaffected |
| Siddharth Sharma | 2016-09-29 14:35:37 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2016-09-29 10:35:37 UTC | |||
| Siddharth Sharma | 2016-10-04 13:36:06 UTC | Whiteboard | impact=moderate,public=20150923,reported=20160829,source=redhat,cvss2=4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P,cvss3=CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N,ceph-1.3/ceph=affected,ceph-2.0/ceph=notaffected,openstack-5/Ceph=notaffected,openstack-6/Ceph=notaffected,openstack-foreman/Ceph=notaffected,openstack-6-installer/Ceph=notaffected | impact=moderate,public=20150923,reported=20160829,source=redhat,cvss2=4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P,cvss3=CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N,ceph-1.3/ceph=affected,ceph-2/ceph=notaffected,openstack-5/Ceph=notaffected,openstack-6/Ceph=notaffected,openstack-foreman/Ceph=notaffected,openstack-6-installer/Ceph=notaffected |
| Siddharth Sharma | 2016-10-26 11:04:57 UTC | Whiteboard | impact=moderate,public=20150923,reported=20160829,source=redhat,cvss2=4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P,cvss3=CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N,ceph-1.3/ceph=affected,ceph-2/ceph=notaffected,openstack-5/Ceph=notaffected,openstack-6/Ceph=notaffected,openstack-foreman/Ceph=notaffected,openstack-6-installer/Ceph=notaffected | impact=moderate,public=20150923,reported=20160829,source=redhat,cvss2=4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P,cvss3=CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N,ceph-1.3/ceph=affected,ceph-2/ceph=notaffected,openstack-5/Ceph=notaffected,openstack-6/Ceph=notaffected,openstack-foreman/Ceph=notaffected,openstack-6-installer/Ceph=notaffected,rhel-6/ceph=wontfix,rhel-7/ceph=wontfix |
| Siddharth Sharma | 2016-12-09 02:34:44 UTC | Whiteboard | impact=moderate,public=20150923,reported=20160829,source=redhat,cvss2=4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P,cvss3=CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N,ceph-1.3/ceph=affected,ceph-2/ceph=notaffected,openstack-5/Ceph=notaffected,openstack-6/Ceph=notaffected,openstack-foreman/Ceph=notaffected,openstack-6-installer/Ceph=notaffected,rhel-6/ceph=wontfix,rhel-7/ceph=wontfix | impact=moderate,public=20150923,reported=20160829,source=redhat,cvss2=4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P,cvss3=CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N,ceph-1.3/ceph=affected,ceph-2/ceph=notaffected,openstack-5/Ceph=notaffected,openstack-6/Ceph=notaffected,openstack-foreman/Ceph=notaffected,openstack-6-installer/Ceph=notaffected |
| Stephen Herr | 2017-02-01 18:52:01 UTC | Whiteboard | impact=moderate,public=20150923,reported=20160829,source=redhat,cvss2=4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P,cvss3=CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N,ceph-1.3/ceph=affected,ceph-2/ceph=notaffected,openstack-5/Ceph=notaffected,openstack-6/Ceph=notaffected,openstack-foreman/Ceph=notaffected,openstack-6-installer/Ceph=notaffected | impact=moderate,public=20150923,reported=20160829,source=redhat,cvss2=4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P,cvss3=3.0/CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N,ceph-1.3/ceph=affected,ceph-2/ceph=notaffected,openstack-5/Ceph=notaffected,openstack-6/Ceph=notaffected,openstack-foreman/Ceph=notaffected,openstack-6-installer/Ceph=notaffected |
| Product Security DevOps Team | 2019-09-29 13:55:15 UTC | Whiteboard | impact=moderate,public=20150923,reported=20160829,source=redhat,cvss2=4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P,cvss3=3.0/CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N,ceph-1.3/ceph=affected,ceph-2/ceph=notaffected,openstack-5/Ceph=notaffected,openstack-6/Ceph=notaffected,openstack-foreman/Ceph=notaffected,openstack-6-installer/Ceph=notaffected |
Back to bug 1372446