CVE-2024-48916— Ceph is vulnerable to authentication bypass through RadosGW

Ceph is vulnerable to authentication bypass through RadosGW

Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send an JWT that has "none" as JWT alg. And by doing so the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As of time of publication, a known patched version has yet to be published.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

对数据真实性的验证不充分

Red Hat Ceph Storage 安全漏洞

Red Hat Ceph Storage是美国红帽（Red Hat）公司的一套可扩展的、开放性的软件定义存储平台。 Red Hat Ceph Storage存在安全漏洞，该漏洞源于存在身份验证绕过。

N/A

N/A