The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,CWE-254,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | ceph_storage | * |
| ceph_project | ceph | * |