CVE-2024-48916 - Vulnerability Details

A vulnerability in the Ceph Rados Gateway (RadosGW) OIDC provider allows attackers to bypass JWT signature verification by supplying a token with "none" as the algorithm (alg). This occurs because the implementation fails to enforce strict signature validation, enabling attackers to forge valid tokens without a signature.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Ceph Storage

No data.

Package	CPE	Advisory	Released Date
Red Hat Ceph Storage 8.0
ceph-2:19.2.0-55.el9cp	cpe:/a:redhat:ceph_storage:8.0::el9	RHSA-2024:10956	2024-12-11T00:00:00Z
rhceph/grafana-rhel9:10.4.8-6	cpe:/a:redhat:ceph_storage:8.0::el9	RHSA-2024:10957	2024-12-11T00:00:00Z
rhceph/keepalived-rhel9:2.2.8-36	cpe:/a:redhat:ceph_storage:8.0::el9	RHSA-2024:10957	2024-12-11T00:00:00Z
rhceph/oauth2-proxy-rhel9:v7.6.0-6	cpe:/a:redhat:ceph_storage:8.0::el9	RHSA-2024:10957	2024-12-11T00:00:00Z
rhceph/rhceph-8-rhel9:8-212	cpe:/a:redhat:ceph_storage:8.0::el9	RHSA-2024:10957	2024-12-11T00:00:00Z
rhceph/rhceph-haproxy-rhel9:2.4.22-38	cpe:/a:redhat:ceph_storage:8.0::el9	RHSA-2024:10957	2024-12-11T00:00:00Z
rhceph/rhceph-promtail-rhel9:v3.0.0-9	cpe:/a:redhat:ceph_storage:8.0::el9	RHSA-2024:10957	2024-12-11T00:00:00Z
rhceph/snmp-notifier-rhel9:1.2.1-86	cpe:/a:redhat:ceph_storage:8.0::el9	RHSA-2024:10957	2024-12-11T00:00:00Z

References

Link	Providers
https://github.com/ceph/ceph/pull/60624/commits/919da3696668a07c6810dfa39301950c81c2eba4
https://github.com/ceph/ceph/security/advisories/GHSA-5g9m-mmp6-93mq
https://nvd.nist.gov/vuln/detail/CVE-2024-48916
https://tracker.ceph.com/issues/68836
https://www.cve.org/CVERecord?id=CVE-2024-48916

History

Tue, 31 Dec 2024 14:45:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}`

Thu, 12 Dec 2024 02:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat ceph Storage
CPEs		cpe:/a:redhat:ceph_storage:8.0::el9
Vendors & Products		Redhat Redhat ceph Storage

Tue, 03 Dec 2024 14:45:00 +0000

Type	Values Removed	Values Added
Description	No description is available for this CVE.	A vulnerability in the Ceph Rados Gateway (RadosGW) OIDC provider allows attackers to bypass JWT signature verification by supplying a token with "none" as the algorithm (alg). This occurs because the implementation fails to enforce strict signature validation, enabling attackers to forge valid tokens without a signature.

Mon, 02 Dec 2024 14:30:00 +0000

Type	Values Removed	Values Added
Description		No description is available for this CVE.
Title		ceph: rhceph-container: Authentication bypass in CEPH RadosGW
Weaknesses		CWE-345
References		https://github.com/ceph/ceph/pull/60624/commits/919da3696668a07c6810dfa39301950c81c2eba4 https://github.com/ceph/ceph/security/advisories/GHSA-5g9m-mmp6-93mq https://nvd.nist.gov/vuln/detail/CVE-2024-48916 https://tracker.ceph.com/issues/68836 https://www.cve.org/CVERecord?id=CVE-2024-48916
Metrics	threat_severity `None`	threat_severity `Important`

MITRE

No data.

Vulnrichment

No data.

NVD

No data.

Redhat

Severity : Important

Publid Date: 2024-12-02T00:00:00Z

Links: CVE-2024-48916 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object