Описание
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 12.2.13-0ubuntu0.18.04.4 |
| devel | released | 15.2.5-0ubuntu1 |
| eoan | ignored | end of life |
| esm-infra-legacy/trusty | ignored | changes too intrusive |
| esm-infra/bionic | released | 12.2.13-0ubuntu0.18.04.4 |
| esm-infra/focal | released | 15.2.7-0ubuntu0.20.04.2 |
| esm-infra/xenial | released | 10.2.11-0ubuntu0.16.04.3 |
| focal | released | 15.2.7-0ubuntu0.20.04.2 |
| groovy | released | 15.2.5-0ubuntu1 |
| hirsute | released | 15.2.5-0ubuntu1 |
Показывать по
EPSS
4.3 Medium
CVSS2
5.4 Medium
CVSS3
Связанные уязвимости
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue.
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue.
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gate ...
EPSS
4.3 Medium
CVSS2
5.4 Medium
CVSS3