Authenticated-read ACL Bypass in Ceph RGW

Authenticated-read ACL Bypass in Ceph RGW

CVE-2016-7031 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL.

Learn more about our Web Application Penetration Testing UK.