#VU82112 Improper Authorization in Ceph - CVE-2023-43040


| Updated: 2024-08-02

Vulnerability identifier: #VU82112

Vulnerability risk: Medium

CVSSv4.0: 5.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2023-43040

CWE-ID: CWE-285

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Ceph
Server applications / Other server solutions

Vendor: Red Hat Inc.

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to improper authorization in radogw API gateway in Ceph when processing POST requests. A remote unprivileged user can write to any bucket(s) accessible by a given key if a POST form-data contains a key called "bucket" with a value matching the bucket's name used to sign the request.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Ceph: 17.0.0 - 17.2.5

External links
http://bugzilla.redhat.com/show_bug.cgi?id=2216855

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.


Latest bulletins with this vulnerability


Debian update for ceph
Improper authorization in IBM Storage Ceph
Improper authorization in IBM Storage Fusion
Multiple vulnerabilities in Red Hat Ceph Storage 5.3
Ubuntu update for ceph
Multiple vulnerabilities in Red Hat OpenShift Data Foundation 4.14
openEuler update for ceph
Multiple vulnerabilities in Red Hat Ceph Storage 6.1