Description of problem: An anonymous S3 user may be able to (incorrectly) list the contents of a bucket which has an authenticated_users=read ACL. Version-Release number of selected component (if applicable): 1.3.x Additional info: This issue corresponds to upstream tracker issue http://tracker.ceph.com/issues/13207 Fixed on master in https://github.com/ceph/ceph/pull/6057
This issue has been addressed in the following products: Red Hat Ceph Storage 1.3 for RHEL 7 Via RHSA-2016:1972 https://rhn.redhat.com/errata/RHSA-2016-1972.html
This issue has been addressed in the following products: Red Hat Ceph Storage 1.3 for Ubuntu Via RHSA-2016:1973 https://rhn.redhat.com/errata/RHSA-2016-1973.html