1372446 – (CVE-2016-7031) CVE-2016-7031 ceph: RGW permits bucket listing when authenticated_users=read

Bug 1372446 (CVE-2016-7031) - CVE-2016-7031 ceph: RGW permits bucket listing when authenticated_users=read

Summary: CVE-2016-7031 ceph: RGW permits bucket listing when authenticated_users=read

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2016-7031
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1372572
Blocks:	1372443
TreeView+	depends on / blocked

Reported:	2016-09-01 18:22 UTC by Siddharth Sharma
Modified:	2019-09-29 13:55 UTC (History)
CC List:	20 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in Ceph RGW code which allows an anonymous user to list contents of RGW bucket by bypassing ACL which should only allow authenticated users to list contents of bucket.
Clone Of:
Environment:
Last Closed:	2016-09-29 14:35:37 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	1372438	unspecified	CLOSED	RGW permits bucket listing when authenticated_users=read	2021-02-22 00:41:40 UTC
Red Hat Product Errata	RHSA-2016:1972	normal	SHIPPED_LIVE	Moderate: Red Hat Ceph Storage 1.3.3 security, bug fix, and enhancement update	2016-09-29 16:51:21 UTC
Red Hat Product Errata	RHSA-2016:1973	normal	SHIPPED_LIVE	Moderate: Red Hat Ceph Storage 1.3.3 security, bug fix, and enhancement update	2016-09-29 17:11:28 UTC

Internal Links: 1372438

Description Siddharth Sharma 2016-09-01 18:22:03 UTC

Description of problem:

An anonymous S3 user may be able to (incorrectly) list the contents of a bucket which has an authenticated_users=read ACL.


Version-Release number of selected component (if applicable):
1.3.x


Additional info:
This issue corresponds to upstream tracker issue
http://tracker.ceph.com/issues/13207

Fixed on master in
https://github.com/ceph/ceph/pull/6057

Comment 4 errata-xmlrpc 2016-09-29 13:00:51 UTC

This issue has been addressed in the following products:

  Red Hat Ceph Storage 1.3 for RHEL 7

Via RHSA-2016:1972 https://rhn.redhat.com/errata/RHSA-2016-1972.html

Comment 5 errata-xmlrpc 2016-09-29 13:14:50 UTC

This issue has been addressed in the following products:

  Red Hat Ceph Storage 1.3 for Ubuntu

Via RHSA-2016:1973 https://rhn.redhat.com/errata/RHSA-2016-1973.html

Note You need to log in before you can comment on or make changes to this bug.

aortega
apevec
ayoung
ceph-eng-bugs
chrisw
cvsbot-xmlrpc
jschluet
kbasil
lars
lhh
lpeer
markmc
mburns
rbryant
rhos-maint
sclewis
sisharma
slong
srevivo
tdecacqu