CVE-2020-10753
published 2020-06-26


Medium 6.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue.

Affected

26 ranges, showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| debian | ceph | < ceph 14.2.15-1 (bookworm) | ceph 14.2.15-1 (bookworm) |
| debian | ceph | < ceph 14.2.21-1 (bookworm) | ceph 14.2.21-1 (bookworm) |
| debian | debian_linux | | |
| fedoraproject | fedora | | |
| fedoraproject | fedora | | |
| fedoraproject | fedora | | |
| linuxfoundation | ceph | < 14.2.21 | 14.2.21 |
| linuxfoundation | ceph | | |
| linuxfoundation | ceph | >= 0 < 14.2.15-1 | 14.2.15-1 |
| linuxfoundation | ceph | >= 0 < 14.2.15-1 | 14.2.15-1 |
| linuxfoundation | ceph | >= 0 < 14.2.15-1 | 14.2.15-1 |
| linuxfoundation | ceph | >= 0 < 14.2.15-1 | 14.2.15-1 |
| linuxfoundation | ceph | >= 0 < 10.2.11-0ubuntu0.16.04.3 | 10.2.11-0ubuntu0.16.04.3 |
| linuxfoundation | ceph | >= 0 < 12.2.13-0ubuntu0.18.04.4 | 12.2.13-0ubuntu0.18.04.4 |
| linuxfoundation | ceph | >= 0 < 15.2.7-0ubuntu0.20.04.2 | 15.2.7-0ubuntu0.20.04.2 |
| opensuse | leap | | |
| redhat | ceph | < 14.2.21 | 14.2.21 |
| redhat | ceph | >= 0 < 14.2.21-1 | 14.2.21-1 |
| redhat | ceph | >= 0 < 14.2.21-1 | 14.2.21-1 |
| redhat | ceph | >= 0 < 14.2.21-1 | 14.2.21-1 |
| redhat | ceph | >= 0 < 14.2.21-1 | 14.2.21-1 |
| redhat | ceph_storage | | |
| redhat | ceph_storage | | |

CVSS provenance

nvd: v3.1, 6.5 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
osv: 7.5 HIGH