Denial of Service Risk in Ceph Affecting RGW Users
CVE-2018-16846

6.5MEDIUM

Key Information:

Vendor: [unknown]
Status: Ceph
Vendor: CVE Published:; 15 January 2019

What is CVE-2018-16846?

An issue exists in Ceph versions prior to 13.2.4 where authenticated Ceph RGW users can exploit a vulnerability that disrupts access to OMAPs, which hold bucket indices. This leads to a denial of service condition, potentially impacting the availability and performance of the Ceph storage clusters.

Affected Version(s)

ceph 13.2.4

References

https://lists.debian.org/debian-lts-announce/2019/03/msg0...

mailing-listx_refsource_MLIST

http://lists.opensuse.org/opensuse-security-announce/2019...

vendor-advisoryx_refsource_SUSE

https://usn.ubuntu.com/4035-1/

vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 15, 2019
Vulnerability Reserved
Sep 11, 2018

[unknown]

What is CVE-2018-16846?

Affected Version(s)

References

CVSS V3.1

Timeline