A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "radosgw-dbg": "10.2.11-0ubuntu0.16.04.3", "libcephfs1-dbgsym": "10.2.11-0ubuntu0.16.04.3", "ceph-dbg": "10.2.11-0ubuntu0.16.04.3", "ceph-mds": "10.2.11-0ubuntu0.16.04.3", "rbd-fuse-dbgsym": "10.2.11-0ubuntu0.16.04.3", "rbd-mirror-dbgsym": "10.2.11-0ubuntu0.16.04.3", "ceph-dbgsym": "10.2.11-0ubuntu0.16.04.3", "libradosstriper1-dbgsym": "10.2.11-0ubuntu0.16.04.3", "rbd-nbd": "10.2.11-0ubuntu0.16.04.3", "ceph-mds-dbgsym": "10.2.11-0ubuntu0.16.04.3", "ceph-fuse-dbg": "10.2.11-0ubuntu0.16.04.3", "ceph-fuse-dbgsym": "10.2.11-0ubuntu0.16.04.3", "rbd-nbd-dbgsym": "10.2.11-0ubuntu0.16.04.3", "ceph-resource-agents": "10.2.11-0ubuntu0.16.04.3", "librbd1-dbg": "10.2.11-0ubuntu0.16.04.3", "librbd1-dbgsym": "10.2.11-0ubuntu0.16.04.3", "ceph-fs-common-dbg": "10.2.11-0ubuntu0.16.04.3", "python-ceph": "10.2.11-0ubuntu0.16.04.3", "ceph-test-dbg": "10.2.11-0ubuntu0.16.04.3", "ceph-common": "10.2.11-0ubuntu0.16.04.3", "libcephfs-jni-dbg": "10.2.11-0ubuntu0.16.04.3", "rbd-fuse": "10.2.11-0ubuntu0.16.04.3", "libcephfs-java": "10.2.11-0ubuntu0.16.04.3", "ceph-test": "10.2.11-0ubuntu0.16.04.3", "python-rados": "10.2.11-0ubuntu0.16.04.3", "libcephfs1": "10.2.11-0ubuntu0.16.04.3", "radosgw": "10.2.11-0ubuntu0.16.04.3", "ceph-common-dbgsym": "10.2.11-0ubuntu0.16.04.3", "libcephfs-jni": "10.2.11-0ubuntu0.16.04.3", "radosgw-dbgsym": "10.2.11-0ubuntu0.16.04.3", "rbd-mirror-dbg": "10.2.11-0ubuntu0.16.04.3", "librados-dev": "10.2.11-0ubuntu0.16.04.3", "libradosstriper-dev": "10.2.11-0ubuntu0.16.04.3", "ceph-fuse": "10.2.11-0ubuntu0.16.04.3", "librgw2": "10.2.11-0ubuntu0.16.04.3", "ceph-fs-common": "10.2.11-0ubuntu0.16.04.3", "librados2": "10.2.11-0ubuntu0.16.04.3", "ceph": "10.2.11-0ubuntu0.16.04.3", "librados2-dbgsym": "10.2.11-0ubuntu0.16.04.3", "librgw2-dbg": "10.2.11-0ubuntu0.16.04.3", "librbd-dev": "10.2.11-0ubuntu0.16.04.3", "python-cephfs": "10.2.11-0ubuntu0.16.04.3", "ceph-fs-common-dbgsym": "10.2.11-0ubuntu0.16.04.3", "ceph-mds-dbg": "10.2.11-0ubuntu0.16.04.3", "rbd-mirror": "10.2.11-0ubuntu0.16.04.3", "libcephfs1-dbg": "10.2.11-0ubuntu0.16.04.3", "libcephfs-dev": "10.2.11-0ubuntu0.16.04.3", "librbd1": "10.2.11-0ubuntu0.16.04.3", "rbd-nbd-dbg": "10.2.11-0ubuntu0.16.04.3", "python-rbd": "10.2.11-0ubuntu0.16.04.3", "libcephfs-jni-dbgsym": "10.2.11-0ubuntu0.16.04.3", "libradosstriper1-dbg": "10.2.11-0ubuntu0.16.04.3", "librgw2-dbgsym": "10.2.11-0ubuntu0.16.04.3", "ceph-test-dbgsym": "10.2.11-0ubuntu0.16.04.3", "librgw-dev": "10.2.11-0ubuntu0.16.04.3", "ceph-common-dbg": "10.2.11-0ubuntu0.16.04.3", "librados2-dbg": "10.2.11-0ubuntu0.16.04.3", "libradosstriper1": "10.2.11-0ubuntu0.16.04.3", "rbd-fuse-dbg": "10.2.11-0ubuntu0.16.04.3" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "python-rbd-dbgsym": "12.2.13-0ubuntu0.18.04.4", "python3-rgw-dbgsym": "12.2.13-0ubuntu0.18.04.4", "python-cephfs-dbgsym": "12.2.13-0ubuntu0.18.04.4", "ceph-mds": "12.2.13-0ubuntu0.18.04.4", "python3-ceph-argparse": "12.2.13-0ubuntu0.18.04.4", "rbd-fuse-dbgsym": "12.2.13-0ubuntu0.18.04.4", "rbd-mirror-dbgsym": "12.2.13-0ubuntu0.18.04.4", "libradosstriper1-dbgsym": "12.2.13-0ubuntu0.18.04.4", "rbd-nbd": "12.2.13-0ubuntu0.18.04.4", "python3-rgw": "12.2.13-0ubuntu0.18.04.4", "ceph-mds-dbgsym": "12.2.13-0ubuntu0.18.04.4", "rados-objclass-dev": "12.2.13-0ubuntu0.18.04.4", "ceph-fuse-dbgsym": "12.2.13-0ubuntu0.18.04.4", "rbd-nbd-dbgsym": "12.2.13-0ubuntu0.18.04.4", "ceph-resource-agents": "12.2.13-0ubuntu0.18.04.4", "ceph-mgr": "12.2.13-0ubuntu0.18.04.4", "librbd1-dbgsym": "12.2.13-0ubuntu0.18.04.4", "python3-cephfs-dbgsym": "12.2.13-0ubuntu0.18.04.4", "python-ceph": "12.2.13-0ubuntu0.18.04.4", "ceph-common": "12.2.13-0ubuntu0.18.04.4", "python3-rbd-dbgsym": "12.2.13-0ubuntu0.18.04.4", "libcephfs2": "12.2.13-0ubuntu0.18.04.4", "libcephfs-java": "12.2.13-0ubuntu0.18.04.4", "rbd-fuse": "12.2.13-0ubuntu0.18.04.4", "ceph-test": "12.2.13-0ubuntu0.18.04.4", "python-rados": "12.2.13-0ubuntu0.18.04.4", "ceph-common-dbgsym": "12.2.13-0ubuntu0.18.04.4", "radosgw": "12.2.13-0ubuntu0.18.04.4", "libcephfs-jni": "12.2.13-0ubuntu0.18.04.4", "radosgw-dbgsym": "12.2.13-0ubuntu0.18.04.4", "python3-cephfs": "12.2.13-0ubuntu0.18.04.4", "ceph-osd": "12.2.13-0ubuntu0.18.04.4", "python-rados-dbgsym": "12.2.13-0ubuntu0.18.04.4", "python-rgw": "12.2.13-0ubuntu0.18.04.4", "librados-dev": "12.2.13-0ubuntu0.18.04.4", "libradosstriper-dev": "12.2.13-0ubuntu0.18.04.4", "ceph-fuse": "12.2.13-0ubuntu0.18.04.4", "ceph-mgr-dbgsym": "12.2.13-0ubuntu0.18.04.4", "librgw2": "12.2.13-0ubuntu0.18.04.4", "librados2": "12.2.13-0ubuntu0.18.04.4", "ceph": "12.2.13-0ubuntu0.18.04.4", "librados-dev-dbgsym": "12.2.13-0ubuntu0.18.04.4", "librados2-dbgsym": "12.2.13-0ubuntu0.18.04.4", "ceph-mon": "12.2.13-0ubuntu0.18.04.4", "ceph-mon-dbgsym": "12.2.13-0ubuntu0.18.04.4", "libcephfs2-dbgsym": "12.2.13-0ubuntu0.18.04.4", "python-cephfs": "12.2.13-0ubuntu0.18.04.4", "librbd-dev": "12.2.13-0ubuntu0.18.04.4", "python-rgw-dbgsym": "12.2.13-0ubuntu0.18.04.4", "rbd-mirror": "12.2.13-0ubuntu0.18.04.4", "ceph-base-dbgsym": "12.2.13-0ubuntu0.18.04.4", "libcephfs-dev": "12.2.13-0ubuntu0.18.04.4", "ceph-osd-dbgsym": "12.2.13-0ubuntu0.18.04.4", "librbd1": "12.2.13-0ubuntu0.18.04.4", "python3-rados": "12.2.13-0ubuntu0.18.04.4", "python3-rbd": "12.2.13-0ubuntu0.18.04.4", "python-rbd": "12.2.13-0ubuntu0.18.04.4", "libcephfs-jni-dbgsym": "12.2.13-0ubuntu0.18.04.4", "python3-rados-dbgsym": "12.2.13-0ubuntu0.18.04.4", "ceph-test-dbgsym": "12.2.13-0ubuntu0.18.04.4", "librgw2-dbgsym": "12.2.13-0ubuntu0.18.04.4", "ceph-base": "12.2.13-0ubuntu0.18.04.4", "librgw-dev": "12.2.13-0ubuntu0.18.04.4", "libradosstriper1": "12.2.13-0ubuntu0.18.04.4" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "python3-rgw-dbgsym": "15.2.1-0ubuntu1", "python3-ceph-argparse": "15.2.1-0ubuntu1", "ceph-mds": "15.2.1-0ubuntu1", "rbd-fuse-dbgsym": "15.2.1-0ubuntu1", "rbd-mirror-dbgsym": "15.2.1-0ubuntu1", "libradospp-dev": "15.2.1-0ubuntu1", "libradosstriper1-dbgsym": "15.2.1-0ubuntu1", "rbd-nbd": "15.2.1-0ubuntu1", "python3-rgw": "15.2.1-0ubuntu1", "ceph-mds-dbgsym": "15.2.1-0ubuntu1", "rados-objclass-dev": "15.2.1-0ubuntu1", "ceph-immutable-object-cache": "15.2.1-0ubuntu1", "ceph-fuse-dbgsym": "15.2.1-0ubuntu1", "rbd-nbd-dbgsym": "15.2.1-0ubuntu1", "ceph-resource-agents": "15.2.1-0ubuntu1", "ceph-mgr": "15.2.1-0ubuntu1", "ceph-mgr-modules-core": "15.2.1-0ubuntu1", "librbd1-dbgsym": "15.2.1-0ubuntu1", "python3-cephfs-dbgsym": "15.2.1-0ubuntu1", "ceph-common": "15.2.1-0ubuntu1", "python3-rbd-dbgsym": "15.2.1-0ubuntu1", "libcephfs2": "15.2.1-0ubuntu1", "ceph-immutable-object-cache-dbgsym": "15.2.1-0ubuntu1", "ceph-mgr-diskprediction-local": "15.2.1-0ubuntu1", "rbd-fuse": "15.2.1-0ubuntu1", "libcephfs-java": "15.2.1-0ubuntu1", "ceph-common-dbgsym": "15.2.1-0ubuntu1", "radosgw": "15.2.1-0ubuntu1", "ceph-mgr-dashboard": "15.2.1-0ubuntu1", "ceph-mgr-k8sevents": "15.2.1-0ubuntu1", "libcephfs-jni": "15.2.1-0ubuntu1", "radosgw-dbgsym": "15.2.1-0ubuntu1", "python3-cephfs": "15.2.1-0ubuntu1", "ceph-osd": "15.2.1-0ubuntu1", "librados-dev": "15.2.1-0ubuntu1", "libradosstriper-dev": "15.2.1-0ubuntu1", "ceph-fuse": "15.2.1-0ubuntu1", "ceph-mgr-dbgsym": "15.2.1-0ubuntu1", "librgw2": "15.2.1-0ubuntu1", "python3-ceph": "15.2.1-0ubuntu1", "librados2": "15.2.1-0ubuntu1", "ceph-mgr-cephadm": "15.2.1-0ubuntu1", "librados-dev-dbgsym": "15.2.1-0ubuntu1", "ceph": "15.2.1-0ubuntu1", "librados2-dbgsym": "15.2.1-0ubuntu1", "ceph-mon": "15.2.1-0ubuntu1", "ceph-mon-dbgsym": "15.2.1-0ubuntu1", "libcephfs2-dbgsym": "15.2.1-0ubuntu1", "librbd-dev": "15.2.1-0ubuntu1", "cephadm": "15.2.1-0ubuntu1", "python3-ceph-common": "15.2.1-0ubuntu1", "rbd-mirror": "15.2.1-0ubuntu1", "ceph-mgr-diskprediction-cloud": "15.2.1-0ubuntu1", "ceph-base-dbgsym": "15.2.1-0ubuntu1", "libcephfs-dev": "15.2.1-0ubuntu1", "ceph-osd-dbgsym": "15.2.1-0ubuntu1", "librbd1": "15.2.1-0ubuntu1", "python3-rados": "15.2.1-0ubuntu1", "python3-rbd": "15.2.1-0ubuntu1", "python3-rados-dbgsym": "15.2.1-0ubuntu1", "cephfs-shell": "15.2.1-0ubuntu1", "libcephfs-jni-dbgsym": "15.2.1-0ubuntu1", "librgw2-dbgsym": "15.2.1-0ubuntu1", "ceph-base": "15.2.1-0ubuntu1", "librgw-dev": "15.2.1-0ubuntu1", "ceph-mgr-rook": "15.2.1-0ubuntu1", "libradosstriper1": "15.2.1-0ubuntu1" } ] }