
Bug 918410 (CVE-2023-43040)

Summary: <sys-cluster/ceph-17.2.7: improperly verified POST keys
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: CONFIRMED
Severity: minor
CC: chutzpah, cluster
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://www.openwall.com/lists/oss-security/2023/09/26/10
Whiteboard: B3 [glsa? cleanup]
Package list:
Runtime testing required: ---
Bug Depends on: 918411
Bug Blocks:

Description John Helmert III <ajak> 2023-11-24 17:49:50 UTC
"Hello all,
A flaw was found in Ceph RGW. An unprivileged user can write to any
bucket(s) accessible by a given key if a POST's form-data contains a key
called 'bucket' with a value matching the name of the bucket used to sign
the request.

The result of this is that a user could actually upload to any bucket
accessible by the specified access key as long as the bucket in the POST
policy matches the bucket in said POST form part."

Patch is attached at URL, but it also appears to be in 17.2.7 as well
as some other branches:

~/git/ceph $ git log --all --grep "rgw: Fix bucket validation against POST policies" --oneline
a08b0cdd214 Merge pull request #53758 from cbodley/wip-63040-pacific
9c476165f13 Merge pull request #53756 from cbodley/wip-63042-reef
aaf8a6d1260 Merge pull request #53757 from cbodley/wip-63041-quincy
479976538fe rgw: Fix bucket validation against POST policies
c940d3818da rgw: Fix bucket validation against POST policies
1a96d61224b rgw: Fix bucket validation against POST policies
100d81aa060 Merge pull request #53714 from cbodley/wip-63004
98bfb71cb38 rgw: Fix bucket validation against POST policies
~/git/ceph $ git tag --contains 479976538fe
~/git/ceph $ git tag --contains c940d3818da
v17.2.7
~/git/ceph $ git tag --contains 1a96d61224b
~/git/ceph $ git tag --contains 98bfb71cb38
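The quoted advisory describes a bucket check that trusted a client-supplied form field; as an added illustration, not Ceph's own code, here is a simplified Python model of such a pre-fix check next to the corrected one, which compares the policy's bucket against the bucket the request actually targets. The signature scheme, secret key, bucket names and the run_case helper are all constructed for this example.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed secret: a stand-in for the S3 secret key of the access key that
# signed the POST policy. Not a real credential.
SECRET_KEY = b"constructed-secret-key"

def sign_policy(policy: dict) -> tuple:
    """Base64-encode a POST policy and sign it (HMAC-SHA256, simplified)."""
    encoded = base64.b64encode(json.dumps(policy).encode()).decode()
    signature = hmac.new(SECRET_KEY, encoded.encode(), hashlib.sha256).hexdigest()
    return encoded, signature

def signature_ok(form: dict) -> bool:
    """Recompute the policy signature and compare it in constant time."""
    expected = hmac.new(SECRET_KEY, form["policy"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, form["signature"])

def policy_bucket(encoded_policy: str) -> Optional[str]:
    """Return the bucket named in the policy's conditions, if any."""
    for cond in json.loads(base64.b64decode(encoded_policy))["conditions"]:
        if isinstance(cond, dict) and "bucket" in cond:
            return cond["bucket"]
    return None

def validate_flawed(target_bucket: str, form: dict) -> bool:
    """Model of the pre-fix check: the policy's bucket is compared against the
    client-supplied 'bucket' form field, so target_bucket is never consulted."""
    return signature_ok(form) and policy_bucket(form["policy"]) == form.get("bucket")

def validate_fixed(target_bucket: str, form: dict) -> bool:
    """Corrected check: the policy's bucket must match the bucket the request
    actually targets (taken from the request URL, never from the form body)."""
    return signature_ok(form) and policy_bucket(form["policy"]) == target_bucket

def run_case(target_bucket: str, form_bucket: str) -> tuple:
    """Build a form signed for 'signed-bucket', then evaluate both checks for an
    upload aimed at target_bucket. Returns (flawed_result, fixed_result)."""
    policy = {"conditions": [{"bucket": "signed-bucket"},
                             ["starts-with", "$key", "uploads/"]]}
    encoded, signature = sign_policy(policy)
    form = {"policy": encoded, "signature": signature,
            "bucket": form_bucket, "key": "uploads/report.txt"}
    return validate_flawed(target_bucket, form), validate_fixed(target_bucket, form)
```

A request aimed at a different bucket than the one named in the signed policy is the case the advisory describes: the flawed check accepts it whenever the form's 'bucket' field echoes the signed name, while the corrected check rejects it.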