CVE-2020-10753

Published: 26/06/2020 | Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue.
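A defensive check for the condition described above, as an added example that is not Ceph's code and does not come from any of the advisories: it audits a bucket CORS configuration for `ExposeHeader` values that contain CR/LF or are otherwise not valid HTTP header names. It assumes the S3-style `CORSConfiguration` XML layout; the function name and the sample document are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# RFC 7230 "token": the only characters valid in an HTTP header field name.
TOKEN = re.compile(r"[!#$%&'*+.^_`|~0-9A-Za-z-]+")

def local_name(tag: str) -> str:
    """Strip an optional XML namespace prefix of the form '{ns}Name'."""
    return tag.rsplit("}", 1)[-1]

def audit_expose_headers(cors_xml: str) -> list[tuple[int, str, str]]:
    """Return (rule_index, value, reason) for each unsafe ExposeHeader (hypothetical helper)."""
    findings = []
    root = ET.fromstring(cors_xml)
    rules = [el for el in root.iter() if local_name(el.tag) == "CORSRule"]
    for idx, rule in enumerate(rules):
        for el in rule.iter():
            if local_name(el.tag) != "ExposeHeader":
                continue
            value = el.text or ""
            if "\r" in value or "\n" in value:
                # A line break here would start a new header line in the response.
                findings.append((idx, value, "CR/LF in value"))
            elif not TOKEN.fullmatch(value.strip()):
                findings.append((idx, value, "not a valid header name"))
    return findings

# Constructed sample: rule 0 is clean, rule 1 carries an embedded CR/LF.
SAMPLE = """<CORSConfiguration>
  <CORSRule>
    <AllowedOrigin>https://app.example.test</AllowedOrigin>
    <AllowedMethod>GET</AllowedMethod>
    <ExposeHeader>ETag</ExposeHeader>
    <ExposeHeader>x-amz-request-id</ExposeHeader>
  </CORSRule>
  <CORSRule>
    <AllowedOrigin>*</AllowedOrigin>
    <AllowedMethod>GET</AllowedMethod>
    <ExposeHeader>X-Demo&#13;&#10;X-Constructed: 1</ExposeHeader>
  </CORSRule>
</CORSConfiguration>"""

if __name__ == "__main__":
    for idx, value, reason in audit_expose_headers(SAMPLE):
        print(f"rule {idx}: {reason}: {value!r}")
```

Running the same check over stored bucket CORS configurations after patching shows whether any previously accepted configuration still contains such a value.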

Vulnerable Product

redhat ceph storage 3.0

redhat ceph storage 4.0

redhat openstack 15

fedoraproject fedora 32

opensuse leap 15.1

linuxfoundation ceph

canonical ubuntu linux 18.04

canonical ubuntu linux 16.04

Vendor Advisories

Debian Bug report logs - #988889: ceph: CVE-2021-3524. Package: src:ceph; Maintainer for src:ceph is Ceph Packaging Team <team+ceph@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 20 May 2021 19:09:06 UTC; Severity: grave; Tags: security, upstream; Found in version ceph/14220-2 ...
Debian Bug report logs - #975300: ceph: CVE-2020-10753: radosgw: HTTP header injection via CORS ExposeHeader tag. Package: src:ceph; Maintainer for src:ceph is Ceph Packaging Team <team+ceph@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 20 Nov 2020 08:42:01 UTC; Severity: importan ...
Synopsis: Moderate: Red Hat Ceph Storage 3.3 security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: Updated packages that fix one security issue and multiple bugs are now available for Red Hat Ceph Storage 3.3. Red Hat Product Security has rated this update as having a security impact o ...
Synopsis: Moderate: Red Hat Ceph Storage 4.1 security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat Ceph Storage 4.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) ...
Synopsis: Moderate: Red Hat Ceph Storage 3.3 Security update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat Ceph Storage 3.3 on Ubuntu 16.04. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CV ...
A flaw was found in the Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. This issue affects the RadosGW S3 API, ...