Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
This project is now read‑only. Starting Monday, February 2, please use https://ibm-ceph.atlassian.net/ for all bug tracking management.

Bug 2020740

Summary: CVE-2020-27304 ceph: directory traversal when using the built-in example HTTP form-based file upload mechanism via the mg_handle_form_request API [ceph-3-default]
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: Sage McTaggart <amctagga>
Component: SecurityAssignee: Scott Ostapovicz <sostapov>
Status: CLOSED WONTFIX QA Contact: Veera Raghava Reddy <vereddy>
Severity: high Docs Contact:
Priority: high    
Version: 3.3CC: ceph-eng-bugs, ceph-qe-bugs
Target Milestone: ---Keywords: Security, SecurityTracking
Target Release: Backlog   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-01-31 15:20:43 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2016640    
Deadline: 2021-11-08   

Description Sage McTaggart 2021-11-05 17:56:24 UTC 
ceph storage 2 tracking bug for ceph: see the bugs linked in the "Blocks" field of this bug for full details of the security issue(s).

This bug is never intended to be made public, please put any public notes in the blocked bugs.

Impact: Important
Public Date: 18-October-2021
PM Fix/Wontfix Decision By: 08-Nov-2021
Resolve Bug By: n/a

In case the dates above are already past, please evaluate this bug in your next prioritization review and make a decision then. Remember to explicitly set CLOSED:WONTFIX if you decide not to fix this bug.

Please see the Security Errata Policy for further details: https://docs.engineering.redhat.com/x/9RBqB
Comment 2 Scott Ostapovicz 2022-01-31 15:20:43 UTC 
Ceph 3 issues are no longer in scope (EOL)