Back to bug 1403007
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Ken Dreyer (Red Hat) | 2016-12-08 21:05:41 UTC | Keywords | Security | |
| CC | kdreyer | |||
| Ken Dreyer (Red Hat) | 2016-12-08 21:05:59 UTC | Target Release | 2.2 | 1.3.4 |
| Matt Benjamin (redhat) | 2016-12-08 21:12:23 UTC | Status | NEW | POST |
| Ken Dreyer (Red Hat) | 2016-12-08 22:17:34 UTC | Status | POST | MODIFIED |
| Fixed In Version | RHEL: ceph-0.94.9-9.el7cp Ubuntu: ceph_0.94.9-10redhat1trusty | |||
| Ken Dreyer (Red Hat) | 2016-12-08 22:29:56 UTC | Target Release | 1.3.4 | 1.3.3 |
| Andrej Nemec | 2016-12-09 14:04:51 UTC | Blocks | 1403245 | |
| Ken Dreyer (Red Hat) | 2016-12-09 16:02:10 UTC | Depends On | 1403003 | |
| Siddharth Sharma | 2016-12-13 06:53:25 UTC | CC | sisharma | |
| Siddharth Sharma | 2016-12-13 17:07:23 UTC | Summary | An authenticated user can provoke an abort() of the RGW server by sending a request with an invalid HTTP Origin header, against buckets with CORS AllowedOrigin rules. | An anonymous user can provoke an abort() of the RGW server by sending a request with an invalid HTTP Origin header, against buckets with CORS AllowedOrigin rules. |
| Harish NV Rao | 2016-12-16 06:51:46 UTC | CC | hnallurv | |
| errata-xmlrpc | 2016-12-16 06:56:22 UTC | Status | MODIFIED | ON_QA |
| Ken Dreyer (Red Hat) | 2016-12-16 17:03:54 UTC | Status | ON_QA | CLOSED |
| Resolution | --- | DUPLICATE | ||
| Last Closed | 2016-12-16 12:03:54 UTC | |||
| Drew Harris | 2017-07-30 16:03:00 UTC | Sub Component | RGW | |
| CC | kbader | |||
| Component | Ceph | RGW |
Back to bug 1403007