CVE-2021-3524
Description
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. In addition, the prior bug fix for CVE-2020-10753 did not account for the use of as a header separator, thus a new flaw has been created.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
0.857
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| distributed storage and file system (USN-4998-1) ceph_15.2.12-0ubuntu0.20.04.1_amd64.deb | Linux |
| distributed storage and file system (USN-4998-1) ceph_15.2.12-0ubuntu0.20.10.1_amd64.deb | Linux |
| distributed storage and file system (USN-4998-1) cephadm_15.2.12-0ubuntu0.20.04.1_amd64.deb | Linux |
| distributed storage and file system (USN-4998-1) cephadm_15.2.12-0ubuntu0.20.10.1_amd64.deb | Linux |
| distributed storage and file system (USN-4998-1) radosgw_15.2.12-0ubuntu0.20.04.1_amd64.deb | Linux |
| distributed storage and file system (USN-4998-1) radosgw_15.2.12-0ubuntu0.20.10.1_amd64.deb | Linux |
| distributed storage and file system (USN-4998-1) ceph-mgr_15.2.12-0ubuntu0.20.04.1_amd64.deb | Linux |
| distributed storage and file system (USN-4998-1) ceph-mgr_15.2.12-0ubuntu0.20.10.1_amd64.deb | Linux |
| distributed storage and file system (USN-4998-1) ceph-base_15.2.12-0ubuntu0.20.04.1_amd64.deb | Linux |
| distributed storage and file system (USN-4998-1) ceph-base_15.2.12-0ubuntu0.20.10.1_amd64.deb | Linux |
| distributed storage and file system (USN-4998-1) ceph-common_15.2.12-0ubuntu0.20.04.1_amd64.deb | Linux |
| distributed storage and file system (USN-4998-1) ceph-common_15.2.12-0ubuntu0.20.10.1_amd64.deb | Linux |
| distributed storage and file system (USN-4998-1) ceph-mgr-rook_15.2.12-0ubuntu0.20.04.1_all.deb | Linux |
| distributed storage and file system (USN-4998-1) ceph-mgr-rook_15.2.12-0ubuntu0.20.10.1_all.deb | Linux |
| distributed storage and file system (USN-4998-1) ceph-mgr-cephadm_15.2.12-0ubuntu0.20.04.1_all.deb | Linux |
| distributed storage and file system (USN-4998-1) ceph-mgr-cephadm_15.2.12-0ubuntu0.20.10.1_all.deb | Linux |
| distributed storage and file system (USN-4998-1) ceph-mgr-dashboard_15.2.12-0ubuntu0.20.04.1_all.deb | Linux |
| distributed storage and file system (USN-4998-1) ceph-mgr-dashboard_15.2.12-0ubuntu0.20.10.1_all.deb | Linux |
| distributed storage and file system (USN-4998-1) ceph-mgr-k8sevents_15.2.12-0ubuntu0.20.04.1_all.deb | Linux |
| distributed storage and file system (USN-4998-1) ceph-mgr-k8sevents_15.2.12-0ubuntu0.20.10.1_all.deb | Linux |
| distributed storage and file system (USN-4998-1) ceph-mgr-modules-core_15.2.12-0ubuntu0.20.04.1_all.deb | Linux |
| distributed storage and file system (USN-4998-1) ceph-mgr-modules-core_15.2.12-0ubuntu0.20.10.1_all.deb | Linux |
| distributed storage and file system (USN-4998-1) ceph-mgr-diskprediction-cloud_15.2.12-0ubuntu0.20.04.1_all.deb | Linux |
| distributed storage and file system (USN-4998-1) ceph-mgr-diskprediction-cloud_15.2.12-0ubuntu0.20.10.1_all.deb | Linux |
| distributed storage and file system (USN-4998-1) ceph-mgr-diskprediction-local_15.2.12-0ubuntu0.20.04.1_all.deb | Linux |
| distributed storage and file system (USN-4998-1) ceph-mgr-diskprediction-local_15.2.12-0ubuntu0.20.10.1_all.deb | Linux |
| distributed storage and file system (USN-5128-1) ceph_16.2.6-0ubuntu0.21.04.2_amd64.deb | Linux |
| distributed storage and file system (USN-5128-1) ceph_12.2.13-0ubuntu0.18.04.10_i386.deb | Linux |
| distributed storage and file system (USN-5128-1) ceph_12.2.13-0ubuntu0.18.04.10_amd64.deb | Linux |
| distributed storage and file system (USN-5128-1) ceph-base_16.2.6-0ubuntu0.21.04.2_amd64.deb | Linux |
| distributed storage and file system (USN-5128-1) ceph-base_12.2.13-0ubuntu0.18.04.10_i386.deb | Linux |
| distributed storage and file system (USN-5128-1) ceph-base_12.2.13-0ubuntu0.18.04.10_amd64.deb | Linux |
| distributed storage and file system (USN-5128-1) ceph-common_16.2.6-0ubuntu0.21.04.2_amd64.deb | Linux |
| distributed storage and file system (USN-5128-1) ceph-common_12.2.13-0ubuntu0.18.04.10_i386.deb | Linux |
| distributed storage and file system (USN-5128-1) ceph-common_12.2.13-0ubuntu0.18.04.10_amd64.deb | Linux |
| (RHSA-2022:1174) Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update ceph-ansible-6.0.25.4-1.el8cp.noarch.rpm | Linux |
| (RHSA-2022:1174) Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update ceph-base-16.2.7-98.el8cp.x86_64.rpm | Linux |
| (RHSA-2022:1174) Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update ceph-common-16.2.7-98.el8cp.x86_64.rpm | Linux |
| (RHSA-2022:1174) Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update ceph-debugsource-16.2.7-98.el8cp.x86_64.rpm | Linux |
| (RHSA-2022:1174) Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update ceph-fuse-16.2.7-98.el8cp.x86_64.rpm | Linux |
| (RHSA-2022:1174) Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update ceph-grafana-dashboards-16.2.7-98.el8cp.noarch.rpm | Linux |
| (RHSA-2022:1174) Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update ceph-immutable-object-cache-16.2.7-98.el8cp.x86_64.rpm | Linux |
| (RHSA-2022:1174) Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update ceph-iscsi-3.5-2.el8cp.noarch.rpm | Linux |
| (RHSA-2022:1174) Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update ceph-mds-16.2.7-98.el8cp.x86_64.rpm | Linux |
| (RHSA-2022:1174) Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update ceph-radosgw-16.2.7-98.el8cp.x86_64.rpm | Linux |
| (RHSA-2022:1174) Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update ceph-resource-agents-16.2.7-98.el8cp.x86_64.rpm | Linux |
| (RHSA-2022:1174) Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update ceph-selinux-16.2.7-98.el8cp.x86_64.rpm | Linux |
| (RHSA-2022:1174) Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update cephadm-16.2.7-98.el8cp.noarch.rpm | Linux |
| (RHSA-2022:1174) Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update cephadm-ansible-0.1-4.g6754c10.el8cp.noarch.rpm | Linux |
| (RHSA-2022:1174) Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update cephfs-mirror-16.2.7-98.el8cp.x86_64.rpm | Linux |
| (RHSA-2022:1174) Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update cephfs-top-16.2.7-98.el8cp.noarch.rpm | Linux |
| (RHSA-2022:1174) Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update libcephfs-devel-16.2.7-98.el8cp.x86_64.rpm | Linux |
| (RHSA-2022:1174) Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update libcephfs2-16.2.7-98.el8cp.x86_64.rpm | Linux |
| (RHSA-2022:1174) Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update librados-devel-16.2.7-98.el8cp.x86_64.rpm | Linux |
| (RHSA-2022:1174) Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update librados2-16.2.7-98.el8cp.x86_64.rpm | Linux |
| (RHSA-2022:1174) Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update libradospp-devel-16.2.7-98.el8cp.x86_64.rpm | Linux |
| (RHSA-2022:1174) Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update libradosstriper1-16.2.7-98.el8cp.x86_64.rpm | Linux |
| (RHSA-2022:1174) Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update librbd-devel-16.2.7-98.el8cp.x86_64.rpm | Linux |
| (RHSA-2022:1174) Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update librbd1-16.2.7-98.el8cp.x86_64.rpm | Linux |
| (RHSA-2022:1174) Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update librgw-devel-16.2.7-98.el8cp.x86_64.rpm | Linux |
| (RHSA-2022:1174) Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update librgw2-16.2.7-98.el8cp.x86_64.rpm | Linux |
| (RHSA-2022:1174) Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update libtcmu-1.5.4-4.el8cp.x86_64.rpm | Linux |
| (RHSA-2022:1174) Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update python3-ceph-argparse-16.2.7-98.el8cp.x86_64.rpm | Linux |
| (RHSA-2022:1174) Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update python3-ceph-common-16.2.7-98.el8cp.x86_64.rpm | Linux |
| (RHSA-2022:1174) Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update python3-cephfs-16.2.7-98.el8cp.x86_64.rpm | Linux |
| (RHSA-2022:1174) Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update python3-rados-16.2.7-98.el8cp.x86_64.rpm | Linux |
| (RHSA-2022:1174) Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update python3-rbd-16.2.7-98.el8cp.x86_64.rpm | Linux |
| (RHSA-2022:1174) Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update python3-rgw-16.2.7-98.el8cp.x86_64.rpm | Linux |
| (RHSA-2022:1174) Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update rbd-mirror-16.2.7-98.el8cp.x86_64.rpm | Linux |
| (RHSA-2022:1174) Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update rbd-nbd-16.2.7-98.el8cp.x86_64.rpm | Linux |
| (RHSA-2022:1174) Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update tcmu-runner-1.5.4-4.el8cp.x86_64.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update ceph-ansible-4.0.70.3-1.el7cp.noarch.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update ceph-base-14.2.22-110.el7cp.x86_64.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update ceph-common-14.2.22-110.el7cp.x86_64.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update ceph-fuse-14.2.22-110.el7cp.x86_64.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update ceph-grafana-dashboards-14.2.22-110.el7cp.noarch.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update ceph-iscsi-3.4-5.el7cp.noarch.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update ceph-mds-14.2.22-110.el7cp.x86_64.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update ceph-radosgw-14.2.22-110.el7cp.x86_64.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update ceph-selinux-14.2.22-110.el7cp.x86_64.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update libcephfs-devel-14.2.22-110.el7cp.x86_64.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update libcephfs2-14.2.22-110.el7cp.x86_64.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update libntirpc-3.4-1.1.el7cp.x86_64.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update libntirpc-3.4-1.1.el8cp.x86_64.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update libntirpc-debugsource-3.4-1.1.el8cp.x86_64.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update librados-devel-14.2.22-110.el7cp.x86_64.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update librados2-14.2.22-110.el7cp.x86_64.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update libradospp-devel-14.2.22-110.el7cp.x86_64.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update libradosstriper1-14.2.22-110.el7cp.x86_64.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update librbd-devel-14.2.22-110.el7cp.x86_64.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update librbd1-14.2.22-110.el7cp.x86_64.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update librgw-devel-14.2.22-110.el7cp.x86_64.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update librgw2-14.2.22-110.el7cp.x86_64.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update libtcmu-1.5.2-5.el7cp.x86_64.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update nfs-ganesha-3.5-1.2.el7cp.x86_64.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update nfs-ganesha-3.5-1.2.el8cp.x86_64.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update nfs-ganesha-ceph-3.5-1.2.el7cp.x86_64.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update nfs-ganesha-ceph-3.5-1.2.el8cp.x86_64.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update nfs-ganesha-debugsource-3.5-1.2.el8cp.x86_64.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update nfs-ganesha-proxy-3.5-1.2.el7cp.x86_64.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update nfs-ganesha-proxy-3.5-1.2.el8cp.x86_64.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update nfs-ganesha-rados-grace-3.5-1.2.el7cp.x86_64.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update nfs-ganesha-rados-grace-3.5-1.2.el8cp.x86_64.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update nfs-ganesha-rados-urls-3.5-1.2.el7cp.x86_64.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update nfs-ganesha-rados-urls-3.5-1.2.el8cp.x86_64.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update nfs-ganesha-rgw-3.5-1.2.el7cp.x86_64.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update nfs-ganesha-rgw-3.5-1.2.el8cp.x86_64.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update nfs-ganesha-selinux-3.5-1.2.el7cp.noarch.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update nfs-ganesha-selinux-3.5-1.2.el8cp.noarch.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update nfs-ganesha-vfs-3.5-1.2.el7cp.x86_64.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update nfs-ganesha-vfs-3.5-1.2.el8cp.x86_64.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update python-ceph-argparse-14.2.22-110.el7cp.x86_64.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update python-cephfs-14.2.22-110.el7cp.x86_64.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update python-rados-14.2.22-110.el7cp.x86_64.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update python-rbd-14.2.22-110.el7cp.x86_64.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update python-rgw-14.2.22-110.el7cp.x86_64.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update rbd-mirror-14.2.22-110.el7cp.x86_64.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update rbd-nbd-14.2.22-110.el7cp.x86_64.rpm | Linux |
| (RHSA-2022:1716) Red Hat Ceph Storage 4.3 Security and Bug Fix update tcmu-runner-1.5.2-5.el7cp.x86_64.rpm | Linux |
| distributed storage and file system (USN-4998-1) cephadm_15.2.12-0ubuntu0.20.04.1_amd64.deb | Linux |
| distributed storage and file system (USN-4998-1) radosgw_15.2.12-0ubuntu0.20.04.1_amd64.deb | Linux |
| distributed storage and file system (USN-4998-1) ceph-mgr_15.2.12-0ubuntu0.20.04.1_amd64.deb | Linux |
| distributed storage and file system (USN-4998-1) ceph-mgr-rook_15.2.12-0ubuntu0.20.04.1_all.deb | Linux |
| distributed storage and file system (USN-4998-1) ceph-mgr-cephadm_15.2.12-0ubuntu0.20.04.1_all.deb | Linux |
| distributed storage and file system (USN-4998-1) ceph-mgr-dashboard_15.2.12-0ubuntu0.20.04.1_all.deb | Linux |
| distributed storage and file system (USN-4998-1) ceph-mgr-k8sevents_15.2.12-0ubuntu0.20.04.1_all.deb | Linux |
| distributed storage and file system (USN-4998-1) ceph-mgr-modules-core_15.2.12-0ubuntu0.20.04.1_all.deb | Linux |
| distributed storage and file system (USN-4998-1) ceph-mgr-diskprediction-cloud_15.2.12-0ubuntu0.20.04.1_all.deb | Linux |
| distributed storage and file system (USN-4998-1) ceph-mgr-diskprediction-local_15.2.12-0ubuntu0.20.04.1_all.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234