"Hello all, A flaw was found in Ceph RGW. An unprivileged user can write to any bucket(s) accessible by a given key if a POST's form-data contains a key called 'bucket' with a value matching the name of the bucket used to sign the request. The result of this is that a user could actually upload to any bucket accessible by the specified access key as long as the bucket in the POST policy matches the bucket in said POST form part." Patch is attached at URL, but it also appears to be in 17.2.7 as well as some other branches: ~/git/ceph $ git log --all --grep "rgw: Fix bucket validation against POST policies" --oneline a08b0cdd214 Merge pull request #53758 from cbodley/wip-63040-pacific 9c476165f13 Merge pull request #53756 from cbodley/wip-63042-reef aaf8a6d1260 Merge pull request #53757 from cbodley/wip-63041-quincy 479976538fe rgw: Fix bucket validation against POST policies c940d3818da rgw: Fix bucket validation against POST policies 1a96d61224b rgw: Fix bucket validation against POST policies 100d81aa060 Merge pull request #53714 from cbodley/wip-63004 98bfb71cb38 rgw: Fix bucket validation against POST policies ~/git/ceph $ git tag --contains 479976538fe ~/git/ceph $ git tag --contains c940d3818da v17.2.7 ~/git/ceph $ git tag --contains 1a96d61224b ~/git/ceph $ git tag --contains 98bfb71cb38
