Lucene search
K

10 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Ceph

A flaw was discovered in the Red Hat Ceph Storage RadosGW Ceph Object Gateway in versions before 14.2.21. The vulnerability relates to the injection of HTTP headers via the CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file causes a header injectio...

6.5CVSS6.5AI score0.01612EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/12 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2020-10753

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the Red Hat Ceph Storage RadosGW Ceph Object Gateway. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader...

6.5CVSS6.7AI score0.01627EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2025/07/30 7:45 p.m.20 views

CVE-2024-48916

Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send an JWT that has "none" as JWT alg. And by doing so the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As of time of publication, a kno...

8.1CVSS7.5AI score0.00192EPSS
Exploits0
OSV
OSV
added 2025/01/14 12:9 a.m.11 views

MGASA-2025-0011 Updated ceph packages fix security vulnerability

Authentication bypass in CEPH RadosGW. CVE-2024-48916...

8.1CVSS6.5AI score0.00192EPSS
Exploits0References3
Mageia
Mageia
added 2025/01/14 12:9 a.m.13 views

Updated ceph packages fix security vulnerability

Authentication bypass in CEPH RadosGW. CVE-2024-48916...

8.1CVSS7AI score0.00192EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/11/02 12:0 a.m.4 views

PT-2024-9892

Name of the Vulnerable Software and Affected Versions: Ceph RadosGW affected versions not specified Description: The issue is related to insufficient authentication of data when handling JWT tokens, which can be exploited by a remote attacker to bypass the authentication procedure. This can lead ...

8.5CVSS7.1AI score0.00192EPSS
Exploits0References38
SUSE CVE
SUSE CVE
added 2023/02/15 4:0 a.m.2 views

SUSE CVE-2020-10753

A flaw was found in the Red Hat Ceph Storage RadosGW Ceph Object Gateway. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the...

5.4CVSS7AI score0.01627EPSS
Exploits0References11
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.27 views

Mageia: Security Advisory (MGASA-2021-0207)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.2CVSS6.9AI score0.0211EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/08/18 6:7 p.m.9 views

ceph: radosgw: HTTP header injection via CORS ExposeHeader tag

A flaw was found in the Red Hat Ceph Storage RadosGW Ceph Object Gateway. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the...

6.5CVSS5.8AI score0.01627EPSS
Exploits0References5
OSV
OSV
added 2020/02/07 9:15 p.m.2 views

DEBIAN-CVE-2020-1700

A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by...

6.5CVSS6.5AI score0.02488EPSS
Exploits0References1
Rows per page
Query Builder