CVE-2024-48916

Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send a JWT whose "alg" header is "none"; when such a token is accepted, the JWT signature is not checked at all, so the token's claims are trusted without any proof of who issued them. The vulnerability is most likely in the RadosGW OIDC provider. As of time of publication, a known patched version has yet to be published.
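The check that closes this class of bug, shown as an added example that is not Ceph's or RadosGW's code: a minimal JWT verifier that takes the algorithm from its own allowlist rather than from the token, so an "alg": "none" token (and any other unlisted algorithm) is rejected before the signature is even looked at. It uses only the Python standard library; the HMAC key, claims and tokens are constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import json

# Allowlist owned by the verifier. A token can never widen it; "none" is
# deliberately absent. (Constructed for the example: a real OIDC verifier
# would list the asymmetric algorithms its provider's keys are for.)
ALLOWED_ALGS = {"HS256"}


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def make_hs256_token(claims: dict, key: bytes) -> str:
    """Build a properly signed token (what a legitimate issuer sends)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def make_unsigned_token(claims: dict) -> str:
    """Build the shape of token this CVE is about: alg "none", empty signature."""
    header = b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}."


def verify_token(token: str, key: bytes, allowed_algs=ALLOWED_ALGS) -> dict:
    """Return the claims only if the token is signed with an allowed algorithm."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    alg = json.loads(b64url_decode(header_b64)).get("alg")
    # The core check: refuse anything outside the verifier's allowlist. This
    # is what makes "none" (or "None", "NONE", ...) fail closed.
    if not isinstance(alg, str) or alg not in allowed_algs:
        raise ValueError(f"algorithm not allowed: {alg!r}")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(payload_b64))


def is_accepted(token: str, key: bytes) -> bool:
    """Convenience wrapper: True if verify_token accepts the token."""
    try:
        verify_token(token, key)
        return True
    except ValueError:
        return False
```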
CVSS 3.x base scores

Provider   Type  Base Score  Atk. Vector  Atk. Complexity  Priv. Required  Vector
NIST       NIST  8.1 HIGH    NETWORK      LOW              LOW             CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
GitHub_M   CNA   8.1 HIGH    NETWORK      LOW              LOW             CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CISA-ADP   ADP   ---         ---          ---              ---             awaiting analysis

CISA-ADP: this vulnerability is currently awaiting analysis.

EPSS score: percentile unknown.
Debian releases (product: ceph)

Codename             Version                Status
bullseye             14.2.21-1              not-affected
bookworm             16.2.15+ds-0+deb12u1   fixed
bookworm (security)  16.2.15+ds-0+deb12u1   fixed
trixie               18.2.7+ds-1            fixed
sid                  18.2.7+ds-1            fixed
Ubuntu releases (product: ceph)

Codename  Fixed version                 Status
plucky    19.2.0-0ubuntu6               released
oracular  19.2.0-0ubuntu2.1             released
noble     19.2.0-0ubuntu0.24.04.2       released
jammy     17.2.7-0ubuntu0.22.04.2       released
focal     ---                           not-affected
bionic    ---                           not-affected
xenial    ---                           not-affected
trusty    ---                           not-affected