14 matches found
CVE-2024-48916 affecting package ceph for versions less than 18.2.2-10
CVE-2024-48916 affecting package ceph for versions less than 18.2.2-10. A patched version of the package is available...
CBL Mariner 2.0 Security Update: ceph (CVE-2024-48916)
The version of ceph installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-48916 advisory. - Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible t...
CVE-2024-48916
creationtimestamp| type| source ---|---|--- 2025-07-30 21:37:15+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lv7le2schv2z...
CVE-2024-48916
Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send an JWT that has "none" as JWT alg. And by doing so the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As of time of publication, a kno...
AZL-66005 CVE-2024-48916 affecting package ceph for versions less than 18.2.2-10
Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send an JWT that has "none" as JWT alg. And by doing so the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As of time of publication, a kno...
CVE-2024-48916 Ceph is vulnerable to authentication bypass through RadosGW
Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send an JWT that has "none" as JWT alg. And by doing so the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As of time of publication, a kno...
OESA-2025-1206 ceph security update
Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage. Security Fixes: A vulnerability in the Ceph Rados Gateway RadosGW OIDC provider allows attackers to bypass JWT signature verification by...
MGASA-2025-0011 Updated ceph packages fix security vulnerability
Authentication bypass in CEPH RadosGW. CVE-2024-48916...
Updated ceph packages fix security vulnerability
Authentication bypass in CEPH RadosGW. CVE-2024-48916...
Mageia: Security Advisory (MGASA-2025-0011)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-7182-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DSA-5825-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-48916
Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send an JWT that has "none" as JWT alg. And by doing so the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As of time of publication, a kno...
CVE-2024-48916
A vulnerability in the Ceph Rados Gateway RadosGW OIDC provider allows attackers to bypass JWT signature verification by supplying a token with "none" as the algorithm alg. This occurs because the implementation fails to enforce strict signature validation, enabling attackers to forge valid token...