CVE-2020-10753

Published: 26 Jun 2020, 00:00
Last modified: 04 Aug 2024, 11:14

Vulnerability Summary

  • Overall Risk (default): medium (26/100)
  • CVSS Score: 6.5 MEDIUM, v3.1 (nvd)
  • EPSS Score: 0.43% LOW (+0.02%)
  • KEV: Not listed
  • Ransomware: No reports
  • Public exploits: None found
  • Dark Web: Not detected

Timeline

  • 26 Jun 2020, 00:00: Published (vulnerability first disclosed)
  • 04 Aug 2024, 11:14: Last modified (vulnerability information updated)

Description

A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The flaw allows HTTP header injection via the CORS ExposeHeader tag: a newline character inside an ExposeHeader value in the CORS configuration is copied into the response headers when a CORS request is served, so the value splits the header and injects additional headers into the response. Ceph versions 3.x and 4.x are vulnerable to this issue.

CVSS Metrics

  • v3.1 MEDIUM, score 5.4: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
  • v3.1 MEDIUM, score 6.5: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
  • v2.0 MEDIUM, score 4.3: AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS Trends

Current EPSS score: 0.43% Percentile: 63%

Techniques & Countermeasures

  • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

    The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

  • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

    The product receives data from an HTTP agent/component (e.g., web server, proxy, browser, etc.), but it does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.
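The description above and the CWE-113 entry describe the same defect: a configured ExposeHeader value is emitted into the Access-Control-Expose-Headers response header without CR/LF being neutralized. The following is an added illustration, not Ceph's or RadosGW's code; it assumes that ExposeHeader values should be validated as RFC 7230 header-name tokens, and the function names, the sample configuration and the injected value are all constructed for the example.

```python
import re

# RFC 7230 "token" characters: the only characters legal in an HTTP header name.
# Every ExposeHeader value is used as a header name, so it must be a token.
_TOKEN_RE = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

# Constructed CORS configuration: a list of ExposeHeader values, one of which
# carries a CR/LF sequence (this is sample data for the example, not a real bucket).
SAMPLE_EXPOSE_HEADERS = [
    "x-amz-request-id",
    "x-amz-id-2\r\nSet-Cookie: session=injected",  # constructed bad value
]


def build_expose_header_unsafe(values):
    """Illustrates the flawed pattern: values are joined into the header line
    with no CR/LF check, so a value containing a newline splits the header."""
    return "Access-Control-Expose-Headers: " + ", ".join(values) + "\r\n"


def invalid_expose_headers(values):
    """Hardened check: return the values that are not valid header-name tokens
    (anything with CR, LF, spaces or other separators is rejected)."""
    return [v for v in values if _TOKEN_RE.fullmatch(v) is None]


def build_expose_header_safe(values):
    """Emit the header only when every configured value passed validation."""
    bad = invalid_expose_headers(values)
    if bad:
        raise ValueError(f"rejected ExposeHeader values: {bad!r}")
    return "Access-Control-Expose-Headers: " + ", ".join(values) + "\r\n"


def count_header_lines(raw):
    """Number of header lines a client would parse from the serialized text;
    a value of 2 for a single header means the response was split."""
    return len([line for line in raw.split("\r\n") if line])
```

The same token check should be applied when the CORS configuration is stored, not only when the response is built, so an invalid value is rejected at upload time.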

Affected Systems

  • canonical / ubuntu_linux: 16.04 | 18.04
  • fedoraproject / fedora: 32
  • linuxfoundation / ceph: < 14.2.21
  • opensuse / leap: 15.1
  • red hat / red hat ceph storage: versions 3.x and 4.x
  • redhat / ceph_storage: 3.0 | 4.0
  • redhat / openstack: 15
