CVE-2020-10753
Severity
6.5 MEDIUM
EPSS
0.4%
top 38.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jun 26
Latest update: May 24
Description
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.5
Affected Packages: 8 packages
Also affects: Fedora 32, Ubuntu Linux 16.04, 18.04
Patches
Vulnerability Details: 5
GHSA
GHSA-cggp-94xr-prm6: A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) (2022-05-24)
OSV
CVE-2020-10753: A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) (2020-06-26)
CVEList
CVE-2020-10753: A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) (2020-06-26)
Vendor Advisories: 5
Debian
CVE-2020-10753: ceph - A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The ... (2020)