Описание
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. In addition, the prior bug fix for CVE-2020-10753 did not account for the use of \r as a header separator, thus a new flaw has been created.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 12.2.13-0ubuntu0.18.04.10 |
| devel | released | 16.2.4-0ubuntu1 |
| esm-infra-legacy/trusty | not-affected | code not present |
| esm-infra/bionic | released | 12.2.13-0ubuntu0.18.04.10 |
| esm-infra/focal | released | 15.2.12-0ubuntu0.20.04.1 |
| esm-infra/xenial | released | 10.2.11-0ubuntu0.16.04.3+esm2 |
| focal | released | 15.2.12-0ubuntu0.20.04.1 |
| groovy | released | 15.2.12-0ubuntu0.20.10.1 |
| hirsute | released | 16.2.6-0ubuntu0.21.04.2 |
| impish | released | 16.2.4-0ubuntu1 |
Показывать по
EPSS
4.3 Medium
CVSS2
6.5 Medium
CVSS3
Связанные уязвимости
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. In addition, the prior bug fix for CVE-2020-10753 did not account for the use of \r as a header separator, thus a new flaw has been created.
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. In addition, the prior bug fix for CVE-2020-10753 did not account for the use of \r as a header separator, thus a new flaw has been created.
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gate ...
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. In addition, the prior bug fix for CVE-2020-10753 did not account for the use of \r as a header separator, thus a new flaw has been created.
Уязвимость системы хранения данных Ceph, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю оказать воздействие на целостность данных
EPSS
4.3 Medium
CVSS2
6.5 Medium
CVSS3