Project

General

Profile

Bug #24838

mon: auth checks not correct for pool ops

Added by Sage Weil 8 months ago. Updated 8 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
07/09/2018
Due date:
% Done:

0%

Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Component(RADOS):
Pull request ID:

Description

The mon was not enforcing caps for pool ops correctly (which are used for managing unmanaged snapshots or even pool deletion).

Fixes are in place:
master: 975528f632f73fbffa3f1fee304e3bbe3296cffc
mimic: 4e1bc0cd6a0aaa76eb1936d1717a4ab07e179da6
luminous: ce0834dd17589ea243960a99b900c1e85cc64015
jewel: c41a2e696e26a7f747afeeeb44f96c322bd739af

CVE-2018-10861

History

#1 Updated by Sage Weil 8 months ago

  • Project changed from Ceph to RADOS

Also available in: Atom PDF