CVE-2020-10753

Priority
Description
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway).
The vulnerability is related to the injection of HTTP headers via a CORS
ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS
configuration file generates a header injection in the response when the
CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this
issue.
Assigned-to
mdeslaur
Notes
Package
Source: ceph (LP Ubuntu Debian)
Upstream: released (14.2.10, 15.2.4)
Ubuntu 12.04 ESM (Precise Pangolin): needs-triage
Ubuntu 14.04 ESM (Trusty Tahr): needed
Ubuntu 16.04 LTS (Xenial Xerus): released (10.2.11-0ubuntu0.16.04.3)
Ubuntu 18.04 LTS (Bionic Beaver): released (12.2.13-0ubuntu0.18.04.4)
Ubuntu 20.04 LTS (Focal Fossa): needed
Ubuntu 20.10 (Groovy Gorilla): pending (15.2.5-0ubuntu1)
Patches:
Upstream: https://github.com/ceph/ceph/commit/46817f30cee60bc5df8354ab326762e7c783fe2c
More Information

Updated: 2020-10-07 18:14:44 UTC (commit e76ab53180646a105c7be00a14f13d7aa6c040e7)