AZL-40646

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-40646.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-40646

Upstream

CVE-2023-43040

Published

2024-05-14T13:46:23Z

Modified

2026-04-01T05:14:08.398497Z

Summary

CVE-2023-43040 affecting package ceph for versions less than 16.2.10-4

Details

IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-43040

Affected packages

Azure Linux:2 / ceph

Package

Name: ceph
Purl: pkg:rpm/azure-linux/ceph

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

16.2.10-4

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-40646.json"