Fluid Attacks Database

Description

IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	ceph	=14.2.21-1 \|\| >=0 <14.2.21-1+deb11u1	14.2.21-1+deb11u1
debian 12	ceph	=16.2.11+ds-2 \|\| =16.2.11+ds-3 \|\| =16.2.11+ds-4 \|\| =16.2.11+ds-5 \|\| =16.2.11+ds-5.1 \|\| >=0 <16.2.15+ds-0+deb12u1	16.2.15+ds-0+deb12u1
debian 13	ceph	>=0 <16.2.11+ds-5	16.2.11+ds-5
debian 14	ceph	>=0 <16.2.11+ds-5	16.2.11+ds-5

Aliases

1. CVE-2023-430402. NVD-2023-430403. OSV-DEBIAN-2023-430404. OSV-2023-430405. SECURITY-TRACKER-CVE-2023-43040

References

1. https://github.com/riza/CVE-2023-43040

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.