Bug 1951674 (CVE-2021-3524)
| Summary: | CVE-2021-3524 ceph object gateway: radosgw: CRLF injection | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Sage McTaggart <amctagga> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | adeza, amctagga, anharris, bniver, branto, danmick, david, fedora, flucifre, gfidente, gmeno, hvyas, i, jdurgin, jjoyce, josef, jschluet, lhh, loic, lpeer, madam, mbenjamin, mburns, mhackett, mhicks, ocs-bugs, ramkrsna, sclewis, slinaber, sostapov, steve, vereddy |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | ceph 14.2.21 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when making the CORS request. The highest threat from this vulnerability is to integrity.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-05-05 13:15:18 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1951675, 1958426, 2040886 | ||
| Bug Blocks: | 1950142, 1955602, 1955605 | ||
|
Description
Sage McTaggart
2021-04-20 17:30:57 UTC
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. Acknowledgments: Name: Sergey Bobrov (Kaspersky) Statement: * Red Hat Ceph Storage (RHCS) 4 is affected by this vulnerability. Note: although this issue affects the RadosGW S3 API, it does not affect the Swift API. * Red Hat OpenShift Container Storage (RHOCS) 4 shipped ceph package for the usage of RHOCS 4.2 only which has reached End of Life. The shipped version of ceph package is neither used nor supported with the release of RHOCS 4.3. * Red Hat Enterprise Linux 7 and 8 are not affected by this flaw, as the shipped versions of `ceph` are not compiled with RadosGW support. * Red Hat OpenStack Platform deployments use the ceph package directly from the Ceph channel; the RHOSP package will not be updated at this time. Created ceph tracking bugs for this issue: Affects: fedora-all [bug 1958426] upstream patch here https://github.com/ceph/ceph/releases/tag/v14.2.21 This issue has been addressed in the following products: Red Hat Ceph Storage 5.1 Via RHSA-2022:1174 https://access.redhat.com/errata/RHSA-2022:1174 This issue has been addressed in the following products: Red Hat Ceph Storage 4.3 Via RHSA-2022:1716 https://access.redhat.com/errata/RHSA-2022:1716 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-3524 |