Bug 1840744 (CVE-2020-10753)
Summary: | CVE-2020-10753 ceph: radosgw: HTTP header injection via CORS ExposeHeader tag | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Przemyslaw Roguski <proguski> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | adeza, bniver, branto, danmick, david, dbecker, fedora, gfidente, hvyas, i, jdurgin, jjoyce, josef, jschluet, jthottan, kdreyer, kkeithle, lhh, loic, lpeer, madam, mburns, ocs-bugs, ramkrsna, sclewis, security-response-team, slinaber, sostapov, srangach, steve, tserlin |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | ceph 14.2.10, ceph 15.2.4 | Doc Type: | If docs needed, set a value |
Doc Text: |
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is an HTTP header injection through the CORS ExposeHeader tag. RadosGW copies the value of an ExposeHeader tag from a bucket's CORS configuration document (set through the S3 API) into the response headers without rejecting newline characters, so a value containing a newline terminates the Access-Control-Expose-Headers header and the remainder is emitted as additional, attacker-chosen response headers whenever a CORS request is made against that bucket.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2020-07-20 19:27:41 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1841204, 1841205, 1842369, 1851206 | ||
Bug Blocks: | 1838025 |
Description
Przemyslaw Roguski
2020-05-27 14:23:35 UTC
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Added all affected products. Ceph package contains affected radosgw component. ceph-2 is also affected, but as the impact is moderate, ceph-2 marked as ooss.

Acknowledgments:
Name: Adam Mohammed (Linode)
Upstream: William Bowling

Statement:
* Red Hat Ceph Storage (RHCS) 3 and 4 are affected by this vulnerability. Note: although this issue affects the RadosGW S3 API, it does not affect the Swift API.
* Red Hat OpenShift Container Storage (RHOCS) 4.2 is affected by this flaw. However, because RHOCS 4.2 is now in the Maintenance Phase of support, this issue is not currently planned to be addressed in future updates.
* Red Hat OpenStack Platform (RHOSP) 13 is not affected by this flaw because RHOSP 13 only ships the ceph client libraries and does not build server code.

Upstream PR: https://github.com/ceph/ceph/pull/35773

Created ceph tracking bugs for this issue:
Affects: fedora-all [bug 1851206]

Upstream patch: [14.2.10] https://github.com/ceph/ceph/commit/46817f30cee60bc5df8354ab326762e7c783fe2c

External References: https://ceph.io/releases/v14-2-10-nautilus-released/

This issue has been addressed in the following products:
Red Hat Ceph Storage 4.1
Via RHSA-2020:3003 https://access.redhat.com/errata/RHSA-2020:3003

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-10753

This issue has been addressed in the following products:
Red Hat Ceph Storage 3 for Red Hat Enterprise Linux 7
Via RHSA-2020:3505 https://access.redhat.com/errata/RHSA-2020:3505

This issue has been addressed in the following products:
Red Hat Ceph Storage 3.3
Via RHSA-2020:3504 https://access.redhat.com/errata/RHSA-2020:3504
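The mechanism in the Doc Text above, as an added illustration that is not Ceph's code and not the upstream patch: a stand-in `CorsRule` holds the ExposeHeader values from a bucket's CORS configuration, the vulnerable builder copies them into the `Access-Control-Expose-Headers` response header verbatim, and a hardened builder refuses any value that is not an RFC 7230 header-name token (which excludes CR, LF, space and ':'). The sample rule with a `\r\nSet-Cookie: ...` payload is constructed for the demonstration; the type and function names are hypothetical.

```cpp
#include <cctype>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// Hypothetical stand-in for a parsed S3 CORSConfiguration rule. Only the
// ExposeHeader values are kept, because that is the field this CVE is about.
struct CorsRule {
    std::vector<std::string> expose_headers;
};

// Vulnerable pattern: configured values go straight into the response header.
// A value containing CR LF ends the header early and the rest of the value is
// emitted as a second, attacker-chosen header line.
std::string build_expose_header_vulnerable(const CorsRule& rule) {
    std::string value;
    for (size_t i = 0; i < rule.expose_headers.size(); ++i) {
        if (i) value += ", ";
        value += rule.expose_headers[i];
    }
    return "Access-Control-Expose-Headers: " + value + "\r\n";
}

// RFC 7230 "token" check: a header field name is 1*tchar, so CR, LF, SP and
// ':' can never legitimately appear in an ExposeHeader value.
bool is_http_token(const std::string& s) {
    static const std::string tspecials = "!#$%&'*+-.^_`|~";
    if (s.empty()) return false;
    for (unsigned char c : s) {
        if (std::isalnum(c)) continue;
        if (tspecials.find(static_cast<char>(c)) != std::string::npos) continue;
        return false;
    }
    return true;
}

// Hardened: validate at configuration time (when the bucket CORS document is
// stored) and refuse the whole rule if any value is not a token. The first
// offending value is returned through `bad` so the caller can report it.
bool validate_cors_rule(const CorsRule& rule, std::string* bad) {
    for (const auto& h : rule.expose_headers) {
        if (!is_http_token(h)) {
            if (bad) *bad = h;
            return false;
        }
    }
    return true;
}

std::string build_expose_header_hardened(const CorsRule& rule) {
    std::string bad;
    if (!validate_cors_rule(rule, &bad))
        throw std::invalid_argument("invalid ExposeHeader value: " + bad);
    return build_expose_header_vulnerable(rule);  // safe once every value is a token
}

// True if the hardened builder rejects the rule (used to show the fix holds).
bool hardened_rejects(const CorsRule& rule) {
    try {
        build_expose_header_hardened(rule);
    } catch (const std::invalid_argument&) {
        return true;
    }
    return false;
}

// Number of CRLF-terminated lines in a header block: 1 for one well-formed
// header, more if a value smuggled in extra lines.
size_t count_header_lines(const std::string& block) {
    size_t n = 0;
    for (size_t pos = block.find("\r\n"); pos != std::string::npos;
         pos = block.find("\r\n", pos + 2))
        ++n;
    return n;
}

// Constructed samples: a benign rule and one carrying a CRLF payload, as a
// client permitted to set the bucket's CORS configuration could supply.
CorsRule sample_benign_rule() {
    return CorsRule{{"x-amz-request-id", "x-amz-meta-foo"}};
}
CorsRule sample_malicious_rule() {
    return CorsRule{{"x-amz-request-id", "x-amz-meta-foo\r\nSet-Cookie: injected=1"}};
}

int main() {
    std::cout << "vulnerable, malicious rule produced "
              << count_header_lines(build_expose_header_vulnerable(sample_malicious_rule()))
              << " header lines\n";
    std::cout << "hardened rejects malicious rule: "
              << (hardened_rejects(sample_malicious_rule()) ? "yes" : "no") << "\n";
    std::cout << build_expose_header_hardened(sample_benign_rule());
    return 0;
}
```

Rejecting at PutBucketCors time rather than stripping CR/LF when the response is built is the stronger choice: a stored configuration that can never reach the response path is easier to reason about than output-time escaping, and the token check also excludes other characters (space, ':', non-ASCII) that have no business in a header name.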