CVE-2020-10753
Description
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
0.407
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| SUSE-SU-2020:1748-1(SUSE Linux Enterprise Server 12-SP5 ) ceph-common-12.2.13+git.1592168685.85110a3e9d-2.50.1.x86_64.rpm | Linux |
| SUSE-SU-2020:1748-1(SUSE Linux Enterprise Server 12-SP4 ) ceph-common-12.2.13+git.1592168685.85110a3e9d-2.50.1.x86_64_SP4.rpm | Linux |
| SUSE-SU-2020:1748-1(SUSE Linux Enterprise Server 12-SP4 ) ceph-common-debuginfo-12.2.13+git.1592168685.85110a3e9d-2.50.1.x86_64.rpm | Linux |
| SUSE-SU-2020:1748-1(SUSE Linux Enterprise Server 12-SP5 ) ceph-common-debuginfo-12.2.13+git.1592168685.85110a3e9d-2.50.1.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1748-1(SUSE Linux Enterprise Server 12-SP5 ) ceph-debugsource-12.2.13+git.1592168685.85110a3e9d-2.50.1.x86_64.rpm | Linux |
| SUSE-SU-2020:1748-1(SUSE Linux Enterprise Server 12-SP4 ) ceph-debugsource-12.2.13+git.1592168685.85110a3e9d-2.50.1.x86_64_SP4.rpm | Linux |
| SUSE-SU-2020:1748-1(SUSE Linux Enterprise Server 12-SP4 ) libcephfs2-12.2.13+git.1592168685.85110a3e9d-2.50.1.x86_64.rpm | Linux |
| SUSE-SU-2020:1748-1(SUSE Linux Enterprise Server 12-SP5 ) libcephfs2-12.2.13+git.1592168685.85110a3e9d-2.50.1.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1748-1(SUSE Linux Enterprise Server 12-SP4 ) libcephfs2-debuginfo-12.2.13+git.1592168685.85110a3e9d-2.50.1.x86_64.rpm | Linux |
| SUSE-SU-2020:1748-1(SUSE Linux Enterprise Server 12-SP4 ) librados2-12.2.13+git.1592168685.85110a3e9d-2.50.1.x86_64.rpm | Linux |
| SUSE-SU-2020:1748-1(SUSE Linux Enterprise Server 12-SP5 ) libcephfs2-debuginfo-12.2.13+git.1592168685.85110a3e9d-2.50.1.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1748-1(SUSE Linux Enterprise Server 12-SP4 ) librados2-debuginfo-12.2.13+git.1592168685.85110a3e9d-2.50.1.x86_64.rpm | Linux |
| SUSE-SU-2020:1748-1(SUSE Linux Enterprise Server 12-SP5 ) librados2-12.2.13+git.1592168685.85110a3e9d-2.50.1.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1748-1(SUSE Linux Enterprise Server 12-SP5 ) librados2-debuginfo-12.2.13+git.1592168685.85110a3e9d-2.50.1.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1748-1(SUSE Linux Enterprise Server 12-SP4 ) libradosstriper1-12.2.13+git.1592168685.85110a3e9d-2.50.1.x86_64.rpm | Linux |
| SUSE-SU-2020:1748-1(SUSE Linux Enterprise Server 12-SP5 ) libradosstriper1-12.2.13+git.1592168685.85110a3e9d-2.50.1.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1748-1(SUSE Linux Enterprise Server 12-SP4 ) libradosstriper1-debuginfo-12.2.13+git.1592168685.85110a3e9d-2.50.1.x86_64.rpm | Linux |
| SUSE-SU-2020:1748-1(SUSE Linux Enterprise Server 12-SP5 ) libradosstriper1-debuginfo-12.2.13+git.1592168685.85110a3e9d-2.50.1.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1748-1(SUSE Linux Enterprise Server 12-SP4 ) librbd1-12.2.13+git.1592168685.85110a3e9d-2.50.1.x86_64.rpm | Linux |
| SUSE-SU-2020:1748-1(SUSE Linux Enterprise Server 12-SP5 ) librbd1-12.2.13+git.1592168685.85110a3e9d-2.50.1.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1748-1(SUSE Linux Enterprise Server 12-SP4 ) librbd1-debuginfo-12.2.13+git.1592168685.85110a3e9d-2.50.1.x86_64.rpm | Linux |
| SUSE-SU-2020:1748-1(SUSE Linux Enterprise Server 12-SP5 ) librbd1-debuginfo-12.2.13+git.1592168685.85110a3e9d-2.50.1.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1748-1(SUSE Linux Enterprise Server 12-SP4 ) librgw2-12.2.13+git.1592168685.85110a3e9d-2.50.1.x86_64.rpm | Linux |
| SUSE-SU-2020:1748-1(SUSE Linux Enterprise Server 12-SP5 ) librgw2-12.2.13+git.1592168685.85110a3e9d-2.50.1.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1748-1(SUSE Linux Enterprise Server 12-SP4 ) librgw2-debuginfo-12.2.13+git.1592168685.85110a3e9d-2.50.1.x86_64.rpm | Linux |
| SUSE-SU-2020:1748-1(SUSE Linux Enterprise Server 12-SP5 ) librgw2-debuginfo-12.2.13+git.1592168685.85110a3e9d-2.50.1.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1748-1(SUSE Linux Enterprise Server 12-SP4 ) python-cephfs-12.2.13+git.1592168685.85110a3e9d-2.50.1.x86_64.rpm | Linux |
| SUSE-SU-2020:1748-1(SUSE Linux Enterprise Server 12-SP5 ) python-cephfs-12.2.13+git.1592168685.85110a3e9d-2.50.1.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1748-1(SUSE Linux Enterprise Server 12-SP4 ) python-cephfs-debuginfo-12.2.13+git.1592168685.85110a3e9d-2.50.1.x86_64.rpm | Linux |
| SUSE-SU-2020:1748-1(SUSE Linux Enterprise Server 12-SP5 ) python-cephfs-debuginfo-12.2.13+git.1592168685.85110a3e9d-2.50.1.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1748-1(SUSE Linux Enterprise Server 12-SP4 ) python-rados-12.2.13+git.1592168685.85110a3e9d-2.50.1.x86_64.rpm | Linux |
| SUSE-SU-2020:1748-1(SUSE Linux Enterprise Server 12-SP5 ) python-rados-12.2.13+git.1592168685.85110a3e9d-2.50.1.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1748-1(SUSE Linux Enterprise Server 12-SP4 ) python-rados-debuginfo-12.2.13+git.1592168685.85110a3e9d-2.50.1.x86_64.rpm | Linux |
| SUSE-SU-2020:1748-1(SUSE Linux Enterprise Server 12-SP5 ) python-rados-debuginfo-12.2.13+git.1592168685.85110a3e9d-2.50.1.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1748-1(SUSE Linux Enterprise Server 12-SP4 ) python-rbd-12.2.13+git.1592168685.85110a3e9d-2.50.1.x86_64.rpm | Linux |
| SUSE-SU-2020:1748-1(SUSE Linux Enterprise Server 12-SP5 ) python-rbd-12.2.13+git.1592168685.85110a3e9d-2.50.1.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1748-1(SUSE Linux Enterprise Server 12-SP4 ) python-rbd-debuginfo-12.2.13+git.1592168685.85110a3e9d-2.50.1.x86_64.rpm | Linux |
| SUSE-SU-2020:1748-1(SUSE Linux Enterprise Server 12-SP5 ) python-rbd-debuginfo-12.2.13+git.1592168685.85110a3e9d-2.50.1.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1748-1(SUSE Linux Enterprise Server 12-SP4 ) python-rgw-12.2.13+git.1592168685.85110a3e9d-2.50.1.x86_64.rpm | Linux |
| SUSE-SU-2020:1748-1(SUSE Linux Enterprise Server 12-SP5 ) python-rgw-12.2.13+git.1592168685.85110a3e9d-2.50.1.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1748-1(SUSE Linux Enterprise Server 12-SP4 ) python-rgw-debuginfo-12.2.13+git.1592168685.85110a3e9d-2.50.1.x86_64.rpm | Linux |
| SUSE-SU-2020:1748-1(SUSE Linux Enterprise Server 12-SP5 ) python-rgw-debuginfo-12.2.13+git.1592168685.85110a3e9d-2.50.1.x86_64_SP5.rpm | Linux |
| (RHSA-2020:3504) Red Hat Ceph Storage 3.3 security and bug fix update ceph-ansible-3.2.48-1.el7cp.noarch.rpm | Linux |
| (RHSA-2020:3504) Red Hat Ceph Storage 3.3 security and bug fix update ceph-base-12.2.12-124.el7cp.x86_64.rpm | Linux |
| (RHSA-2020:3504) Red Hat Ceph Storage 3.3 security and bug fix update ceph-common-12.2.12-124.el7cp.x86_64.rpm | Linux |
| (RHSA-2020:3504) Red Hat Ceph Storage 3.3 security and bug fix update ceph-fuse-12.2.12-124.el7cp.x86_64.rpm | Linux |
| (RHSA-2020:3504) Red Hat Ceph Storage 3.3 security and bug fix update ceph-mds-12.2.12-124.el7cp.x86_64.rpm | Linux |
| (RHSA-2020:3504) Red Hat Ceph Storage 3.3 security and bug fix update ceph-radosgw-12.2.12-124.el7cp.x86_64.rpm | Linux |
| (RHSA-2020:3504) Red Hat Ceph Storage 3.3 security and bug fix update ceph-selinux-12.2.12-124.el7cp.x86_64.rpm | Linux |
| (RHSA-2020:3504) Red Hat Ceph Storage 3.3 security and bug fix update libcephfs-devel-12.2.12-124.el7cp.x86_64.rpm | Linux |
| (RHSA-2020:3504) Red Hat Ceph Storage 3.3 security and bug fix update libcephfs2-12.2.12-124.el7cp.x86_64.rpm | Linux |
| (RHSA-2020:3504) Red Hat Ceph Storage 3.3 security and bug fix update librados-devel-12.2.12-124.el7cp.x86_64.rpm | Linux |
| (RHSA-2020:3504) Red Hat Ceph Storage 3.3 security and bug fix update librados2-12.2.12-124.el7cp.x86_64.rpm | Linux |
| (RHSA-2020:3504) Red Hat Ceph Storage 3.3 security and bug fix update libradosstriper1-12.2.12-124.el7cp.x86_64.rpm | Linux |
| (RHSA-2020:3504) Red Hat Ceph Storage 3.3 security and bug fix update librbd-devel-12.2.12-124.el7cp.x86_64.rpm | Linux |
| (RHSA-2020:3504) Red Hat Ceph Storage 3.3 security and bug fix update librbd1-12.2.12-124.el7cp.x86_64.rpm | Linux |
| (RHSA-2020:3504) Red Hat Ceph Storage 3.3 security and bug fix update librgw-devel-12.2.12-124.el7cp.x86_64.rpm | Linux |
| (RHSA-2020:3504) Red Hat Ceph Storage 3.3 security and bug fix update librgw2-12.2.12-124.el7cp.x86_64.rpm | Linux |
| (RHSA-2020:3504) Red Hat Ceph Storage 3.3 security and bug fix update nfs-ganesha-2.7.4-13.el7cp.x86_64.rpm | Linux |
| (RHSA-2020:3504) Red Hat Ceph Storage 3.3 security and bug fix update nfs-ganesha-ceph-2.7.4-13.el7cp.x86_64.rpm | Linux |
| (RHSA-2020:3504) Red Hat Ceph Storage 3.3 security and bug fix update nfs-ganesha-rgw-2.7.4-13.el7cp.x86_64.rpm | Linux |
| (RHSA-2020:3504) Red Hat Ceph Storage 3.3 security and bug fix update nfs-ganesha-selinux-2.7.4-13.el7cp.noarch.rpm | Linux |
| (RHSA-2020:3504) Red Hat Ceph Storage 3.3 security and bug fix update python-cephfs-12.2.12-124.el7cp.x86_64.rpm | Linux |
| (RHSA-2020:3504) Red Hat Ceph Storage 3.3 security and bug fix update python-rados-12.2.12-124.el7cp.x86_64.rpm | Linux |
| (RHSA-2020:3504) Red Hat Ceph Storage 3.3 security and bug fix update python-rbd-12.2.12-124.el7cp.x86_64.rpm | Linux |
| (RHSA-2020:3504) Red Hat Ceph Storage 3.3 security and bug fix update python-rgw-12.2.12-124.el7cp.x86_64.rpm | Linux |
| (RHSA-2020:3504) Red Hat Ceph Storage 3.3 security and bug fix update rbd-mirror-12.2.12-124.el7cp.x86_64.rpm | Linux |
| distributed storage and file system (USN-4528-1) ceph_10.2.11-0ubuntu0.16.04.3_i386.deb | Linux |
| distributed storage and file system (USN-4528-1) ceph_10.2.11-0ubuntu0.16.04.3_amd64.deb | Linux |
| distributed storage and file system (USN-4528-1) ceph_12.2.13-0ubuntu0.18.04.4_i386.deb | Linux |
| distributed storage and file system (USN-4528-1) ceph_12.2.13-0ubuntu0.18.04.4_amd64.deb | Linux |
| distributed storage and file system (USN-4528-1) ceph-base_12.2.13-0ubuntu0.18.04.4_i386.deb | Linux |
| distributed storage and file system (USN-4528-1) ceph-base_12.2.13-0ubuntu0.18.04.4_amd64.deb | Linux |
| distributed storage and file system (USN-4528-1) ceph-common_10.2.11-0ubuntu0.16.04.3_i386.deb | Linux |
| distributed storage and file system (USN-4528-1) ceph-common_10.2.11-0ubuntu0.16.04.3_amd64.deb | Linux |
| distributed storage and file system (USN-4528-1) ceph-common_12.2.13-0ubuntu0.18.04.4_i386.deb | Linux |
| distributed storage and file system (USN-4528-1) ceph-common_12.2.13-0ubuntu0.18.04.4_amd64.deb | Linux |
| distributed storage and file system (USN-4706-1) ceph_15.2.7-0ubuntu0.20.04.2_amd64.deb | Linux |
| distributed storage and file system (USN-4706-1) ceph_15.2.7-0ubuntu0.20.10.3_amd64.deb | Linux |
| distributed storage and file system (USN-4706-1) ceph-base_15.2.7-0ubuntu0.20.04.2_amd64.deb | Linux |
| distributed storage and file system (USN-4706-1) ceph-base_15.2.7-0ubuntu0.20.10.3_amd64.deb | Linux |
| distributed storage and file system (USN-4706-1) ceph-common_15.2.7-0ubuntu0.20.04.2_amd64.deb | Linux |
| distributed storage and file system (USN-4706-1) ceph-common_15.2.7-0ubuntu0.20.10.3_amd64.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234