DEBIAN-CVE-2023-43040

IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807.

References

https://security-tracker.debian.org/tracker/CVE-2023-43040

Affected packages

Debian:11 / ceph

Package

Name: ceph
Purl: pkg:deb/debian/ceph?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

14.2.21-1+deb11u1

Affected versions

14.*

14.2.21-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-43040.json"

Debian:12 / ceph

Package

Name: ceph
Purl: pkg:deb/debian/ceph?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

16.2.15+ds-0+deb12u1

Affected versions

16.*

16.2.11+ds-2

16.2.11+ds-3

16.2.11+ds-4

16.2.11+ds-5

16.2.11+ds-5.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-43040.json"

Debian:13 / ceph

Package

Name: ceph
Purl: pkg:deb/debian/ceph?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

16.2.11+ds-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-43040.json"

Debian:14 / ceph

Package

Name: ceph
Purl: pkg:deb/debian/ceph?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

16.2.11+ds-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-43040.json"