Lucene search
K

14 matches found

CBLMariner
CBLMariner
added 2025/08/11 9:13 p.m.6 views

CVE-2024-48916 affecting package ceph for versions less than 18.2.2-10

CVE-2024-48916 affecting package ceph for versions less than 18.2.2-10. A patched version of the package is available...

8.1CVSS7.3AI score0.00192EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/10 12:0 a.m.6 views

CBL Mariner 2.0 Security Update: ceph (CVE-2024-48916)

The version of ceph installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-48916 advisory. - Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible t...

8.1CVSS7.5AI score0.00192EPSS
Exploits0References2
Circl
Circl
added 2025/07/30 9:37 p.m.29 views

CVE-2024-48916

creationtimestamp| type| source ---|---|--- 2025-07-30 21:37:15+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lv7le2schv2z...

8.1CVSS9AI score0.00192EPSS
Exploits0References1
NVD
NVD
added 2025/07/30 8:15 p.m.8 views

CVE-2024-48916

Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send an JWT that has "none" as JWT alg. And by doing so the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As of time of publication, a kno...

8.1CVSS0.00192EPSS
Exploits0References1
OSV
OSV
added 2025/07/30 8:15 p.m.10 views

AZL-66005 CVE-2024-48916 affecting package ceph for versions less than 18.2.2-10

Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send an JWT that has "none" as JWT alg. And by doing so the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As of time of publication, a kno...

8.1CVSS5.7AI score0.00192EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/30 7:45 p.m.4 views

CVE-2024-48916 Ceph is vulnerable to authentication bypass through RadosGW

Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send an JWT that has "none" as JWT alg. And by doing so the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As of time of publication, a kno...

8.1CVSS9AI score0.00192EPSS
Exploits0References1
OSV
OSV
added 2025/02/28 3:33 p.m.2 views

OESA-2025-1206 ceph security update

Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage. Security Fixes: A vulnerability in the Ceph Rados Gateway RadosGW OIDC provider allows attackers to bypass JWT signature verification by...

8.1CVSS6.9AI score0.00192EPSS
Exploits0References2
OSV
OSV
added 2025/01/14 12:9 a.m.11 views

MGASA-2025-0011 Updated ceph packages fix security vulnerability

Authentication bypass in CEPH RadosGW. CVE-2024-48916...

8.1CVSS6.5AI score0.00192EPSS
Exploits0References3
Mageia
Mageia
added 2025/01/14 12:9 a.m.13 views

Updated ceph packages fix security vulnerability

Authentication bypass in CEPH RadosGW. CVE-2024-48916...

8.1CVSS7AI score0.00192EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2025/01/14 12:0 a.m.9 views

Mageia: Security Advisory (MGASA-2025-0011)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.1AI score0.00192EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2025/01/07 12:0 a.m.17 views

Ubuntu: Security Advisory (USN-7182-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.1AI score0.00192EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2024/12/09 12:0 a.m.16 views

Debian: Security Advisory (DSA-5825-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7AI score0.02539EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2024/12/03 12:0 a.m.7 views

CVE-2024-48916

Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send an JWT that has "none" as JWT alg. And by doing so the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As of time of publication, a kno...

8.1CVSS7AI score0.00192EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2024/12/02 10:50 a.m.16 views

CVE-2024-48916

A vulnerability in the Ceph Rados Gateway RadosGW OIDC provider allows attackers to bypass JWT signature verification by supplying a token with "none" as the algorithm alg. This occurs because the implementation fails to enforce strict signature validation, enabling attackers to forge valid token...

9.1CVSS6.6AI score0.00192EPSS
Exploits0References6
Rows per page
Query Builder