VYPR

RGW

by Ceph

CVEs (2)

  • CVE-2016-7031HigOct 3, 2016
    risk 0.49cvss 7.5epss 0.02

    The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL.

  • CVE-2020-12059Apr 22, 2020
    risk 0.00cvss epss 0.03

    An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception.