redhat ceph-storage CVE-2020-10753 vulnerability in Red Hat and Other Products
Published on June 26, 2020

product logo product logo product logo product logo product logo
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Vulnerability Analysis

CVE-2020-10753 can be exploited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
LOW
Availability Impact:
NONE

Weakness Type

What is a HTTP Response Splitting Vulnerability?

The software receives data from an upstream component, but does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.

CVE-2020-10753 has been classified to as a HTTP Response Splitting vulnerability or weakness.


Products Associated with CVE-2020-10753

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-10753 are published in these products:

Red Hat Ceph Storage
 
Red Hat Openstack
 
Fedora Project Fedora
 
OpenSuse Leap
 
Linux Foundation Ceph
 
Canonical Ubuntu Linux
 

Affected Versions

Red Hat Ceph Storage Version versions 3.x and 4.x is affected by CVE-2020-10753

Exploit Probability

EPSS
0.41%
Percentile
60.76%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.