2008860 – rgw: With policy specifying invalid arn, users can list content of any bucket

Bug 2008860 - rgw: With policy specifying invalid arn, users can list content of any bucket

Summary: rgw: With policy specifying invalid arn, users can list content of any bucket

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Ceph Storage
Classification:	Red Hat Storage
Component:	RGW
Sub Component:
Version:	4.2
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	urgent
Target Milestone:	---
Target Release:	4.3
Assignee:	Matt Benjamin (redhat)
QA Contact:	Vidushi Mishra
Docs Contact:
URL:
Whiteboard:
Depends On:	2007335
Blocks:	2008858
TreeView+	depends on / blocked

Reported:	2021-09-29 11:34 UTC by Pritha Srivastava
Modified:	2022-05-05 07:54 UTC (History)
CC List:	8 users (show)
Fixed In Version:	ceph-14.2.22-7.el8cp, ceph-14.2.22-7.el7cp
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:	2007335
Environment:
Last Closed:	2022-05-05 07:54:05 UTC
Embargoed:
Dependent Products:
Flags:	vimishra: automate_bug+

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHCEPH-1930	0	None	None	None	2021-09-29 11:40:05 UTC
Red Hat Product Errata	RHSA-2022:1716	0	None	None	None	2022-05-05 07:54:26 UTC

Comment 8 errata-xmlrpc 2022-05-05 07:54:05 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Red Hat Ceph Storage 4.3 Security and Bug Fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:1716

Note You need to log in before you can comment on or make changes to this bug.