RGW returns requested bucket name raw in "Bucket" response header
Bug #1520185 reported by Adam Heczko
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Mirantis OpenStack | Won't Fix | Medium | Denis Meltsaykin | |
| 6.0.x | Fix Released | Medium | Denis Meltsaykin | |
| 6.1.x | Fix Released | Medium | Denis Meltsaykin | |
| 7.0.x | Fix Released | Medium | Denis Meltsaykin | |
Bug Description
Please help me identify whether we are vulnerable to CVE-2015-5245 with pre-MOS 7.0 Ceph versions.
Problem description:
Ceph RadosGW versions up to v0.80.10 are vulnerable to an HTTP header modification attack.
Resolution proposal:
Apply appropriate patchset preventing HTTP header manipulation.
Upstream bug report:
http://
How to check/reproduce:
Mentioned in upstream bug report (curl)
CVE References
CVE-2015-5245

Changed in mos:

| Field | Change |
|---|---|
| description | updated |
| importance | Undecided → Medium |
| milestone | none → 5.1.1-mu-3 |
| assignee | nobody → MOS Maintenance (mos-maintenance) |
| status | New → Confirmed |
| tags | added: on-verification |
| assignee | MOS Maintenance (mos-maintenance) → Denis Meltsaykin (dmeltsaykin) |
| information type | Private Security → Public Security |
| tags | added: on-verification |
| milestone | 5.1.1-mu-3 → 5.1.1-updates |
Presence of the "Bucket" HTTP header depends on the "rgw_expose_bucket" configuration option, which is, fortunately, set to "false" by default. The reason behind introducing the option is described in the commit [1].

[1] https://github.com/ceph/ceph/commit/f97264d4842cd2d28e089e2dd8a409b93bb1a825
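The comment above explains why the exposure is gated on rgw_expose_bucket; the following is an added example (not code from the bug report or from Ceph) showing, in miniature, why reflecting a raw bucket name into a response header is a problem and the two defensive checks that close it: keep the header off unless an operator opts in, and validate or percent-encode the value before emitting it. The helper names, the sample bucket name and the use of percent-encoding as the fallback are assumptions of this example, not the upstream fix.

```python
"""Added example (not Ceph's code): reflected header value, checked and hardened."""
import re
from typing import Optional
from urllib.parse import quote

# RFC 7230 field-value: visible ASCII plus space and HTAB. CR and LF end a
# header line, so a value containing them would split the response.
_SAFE_HEADER_VALUE = re.compile(r"^[\x20-\x7e\t]*$")


def is_safe_header_value(value: str) -> bool:
    """True when the value cannot terminate or add header lines."""
    return bool(_SAFE_HEADER_VALUE.match(value))


def bucket_header_unsafe(bucket: str) -> str:
    """Illustrates the reported flaw: the requested name is reflected verbatim."""
    return "Bucket: " + bucket


def bucket_header_hardened(bucket: str, expose_bucket: bool = False) -> Optional[str]:
    """Hardened form: emit nothing unless the operator enabled rgw_expose_bucket,
    and percent-encode any value outside the header-safe character set
    (assumed mitigation for this example; validation alone would also do)."""
    if not expose_bucket:
        return None
    if is_safe_header_value(bucket):
        return "Bucket: " + bucket
    return "Bucket: " + quote(bucket, safe="")


def count_header_lines(header_block: str) -> int:
    """Number of non-empty header lines in a CRLF-separated block."""
    return len([line for line in header_block.split("\r\n") if line])


# Constructed sample input: a bucket name carrying a CRLF sequence.
SAMPLE_BUCKET = "mybucket\r\nX-Constructed: example"

if __name__ == "__main__":
    print("unsafe lines:", count_header_lines(bucket_header_unsafe(SAMPLE_BUCKET)))
    print("default (option off):", bucket_header_hardened(SAMPLE_BUCKET))
    print("option on:", bucket_header_hardened(SAMPLE_BUCKET, expose_bucket=True))
```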