10 matches found
Astra Linux – Vulnerability in Ceph
A flaw was discovered in the Red Hat Ceph Storage RadosGW Ceph Object Gateway in versions before 14.2.21. The vulnerability relates to the injection of HTTP headers via the CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file causes a header injectio...
Linux Distros Unpatched Vulnerability : CVE-2020-10753
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the Red Hat Ceph Storage RadosGW Ceph Object Gateway. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader...
CVE-2024-48916
Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send an JWT that has "none" as JWT alg. And by doing so the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As of time of publication, a kno...
MGASA-2025-0011 Updated ceph packages fix security vulnerability
Authentication bypass in CEPH RadosGW. CVE-2024-48916...
Updated ceph packages fix security vulnerability
Authentication bypass in CEPH RadosGW. CVE-2024-48916...
PT-2024-9892
Name of the Vulnerable Software and Affected Versions: Ceph RadosGW affected versions not specified Description: The issue is related to insufficient authentication of data when handling JWT tokens, which can be exploited by a remote attacker to bypass the authentication procedure. This can lead ...
SUSE CVE-2020-10753
A flaw was found in the Red Hat Ceph Storage RadosGW Ceph Object Gateway. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the...
Mageia: Security Advisory (MGASA-2021-0207)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ceph: radosgw: HTTP header injection via CORS ExposeHeader tag
A flaw was found in the Red Hat Ceph Storage RadosGW Ceph Object Gateway. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the...
DEBIAN-CVE-2020-1700
A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by...