4
CVSSv2

CVE-2017-16818

Published: 20/12/2017 Updated: 07/11/2023
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Vulnerability Summary

RADOS Gateway in Ceph 12.1.0 up to and including 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h, and rgw/rgw_iam_types.h.

Vulnerable Product Search on Vulmon Subscribe to Product

redhat ceph

fedoraproject fedora 27

Vendor Advisories

RADOS Gateway in Ceph 1210 through 1221 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policycc, rgw/rgw_basic_typesh, and rgw/rgw_iam_typesh ...