Lucene search

K
osvGoogleOSV:CVE-2020-10753
HistoryJun 26, 2020 - 3:15 p.m.

CVE-2020-10753

2020-06-2615:15:11
Google
osv.dev
16
red hat ceph storage
radosgw
http header injection
cors
exposeheader
vulnerability
cors configuration
response
ceph versions

AI Score

6.7

Confidence

Low

EPSS

0.003

Percentile

69.0%

A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue.