History: Jun 26, 2020 - 12:00 a.m.

CVE-2020-10753

2020-06-26 00:00:00
CWE-113
redhat
www.cve.org
red hat ceph
radosgw
http headers

CVSS3: 5.4

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

AI Score: 6.7
Confidence: High

EPSS: 0.003
Percentile: 68.9%

A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability allows injection of HTTP headers via a CORS ExposeHeader tag: a newline character in the ExposeHeader tag in the CORS configuration file results in header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue.

CNA Affected

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Ceph Storage",
    "versions": [
      {
        "version": "versions 3.x and 4.x",
        "status": "affected"
      }
    ]
  }
]
