{
  "threat_severity" : "Important",
  "public_date" : "2024-12-02T00:00:00Z",
  "bugzilla" : {
    "description" : "ceph: rhceph-container: Authentication bypass in CEPH RadosGW",
    "id" : "2329846",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2329846"
  },
  "cvss3" : {
    "cvss3_base_score" : "9.1",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-345",
  "details" : [ "Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send a JWT that has \"none\" as the JWT alg. By doing so, the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As of the time of publication, a known patched version has yet to be published.", "A vulnerability in the Ceph Rados Gateway (RadosGW) OIDC provider allows attackers to bypass JWT signature verification by supplying a token with \"none\" as the algorithm (alg). This occurs because the implementation fails to enforce strict signature validation, enabling attackers to forge valid tokens without a signature." ],
  "statement" : "This vulnerability is rated Important due to its ability to bypass JWT signature verification in Ceph Rados Gateway, allowing attackers to forge tokens and gain unauthorized access.\nOpenShift Data Foundation (ODF) is affected but not vulnerable to this issue. To exploit this issue, an attacker needs to use OIDC and manually set the algorithm to \"none\", then RadosGW will not validate the signature on a JWT. ODF is protected because it uses the Vault API to interface with OIDC (and other providers) and it does not support \"none\" as an algorithm type.",
  "affected_release" : [ {
    "product_name" : "Red Hat Ceph Storage 6.1",
    "release_date" : "2025-04-28T00:00:00Z",
    "advisory" : "RHSA-2025:4238",
    "cpe" : "cpe:/a:redhat:ceph_storage:6.1::el8",
    "package" : "ceph-2:17.2.6-277.el9cp"
  }, {
    "product_name" : "Red Hat Ceph Storage 6.1",
    "release_date" : "2025-04-28T00:00:00Z",
    "advisory" : "RHSA-2025:4238",
    "cpe" : "cpe:/a:redhat:ceph_storage:6.1::el8",
    "package" : "oath-toolkit-0:2.6.12-1.el8cp"
  }, {
    "product_name" : "Red Hat Ceph Storage 7.1",
    "release_date" : "2025-05-07T00:00:00Z",
    "advisory" : "RHSA-2025:4664",
    "cpe" : "cpe:/a:redhat:ceph_storage:7.1::el8",
    "package" : "ceph-2:18.2.1-329.el8cp"
  }, {
    "product_name" : "Red Hat Ceph Storage 7.1",
    "release_date" : "2025-05-07T00:00:00Z",
    "advisory" : "RHSA-2025:4664",
    "cpe" : "cpe:/a:redhat:ceph_storage:7.1::el8",
    "package" : "oath-toolkit-0:2.6.12-1.el8cp"
  }, {
    "product_name" : "Red Hat Ceph Storage 8.0",
    "release_date" : "2024-12-11T00:00:00Z",
    "advisory" : "RHSA-2024:10956",
    "cpe" : "cpe:/a:redhat:ceph_storage:8.0::el9",
    "package" : "ceph-2:19.2.0-55.el9cp"
  }, {
    "product_name" : "Red Hat Ceph Storage 8.0",
    "release_date" : "2024-12-11T00:00:00Z",
    "advisory" : "RHSA-2024:10957",
    "cpe" : "cpe:/a:redhat:ceph_storage:8.0::el9",
    "package" : "rhceph/grafana-rhel9:10.4.8-6"
  }, {
    "product_name" : "Red Hat Ceph Storage 8.0",
    "release_date" : "2024-12-11T00:00:00Z",
    "advisory" : "RHSA-2024:10957",
    "cpe" : "cpe:/a:redhat:ceph_storage:8.0::el9",
    "package" : "rhceph/keepalived-rhel9:2.2.8-36"
  }, {
    "product_name" : "Red Hat Ceph Storage 8.0",
    "release_date" : "2024-12-11T00:00:00Z",
    "advisory" : "RHSA-2024:10957",
    "cpe" : "cpe:/a:redhat:ceph_storage:8.0::el9",
    "package" : "rhceph/oauth2-proxy-rhel9:v7.6.0-6"
  }, {
    "product_name" : "Red Hat Ceph Storage 8.0",
    "release_date" : "2024-12-11T00:00:00Z",
    "advisory" : "RHSA-2024:10957",
    "cpe" : "cpe:/a:redhat:ceph_storage:8.0::el9",
    "package" : "rhceph/rhceph-8-rhel9:8-212"
  }, {
    "product_name" : "Red Hat Ceph Storage 8.0",
    "release_date" : "2024-12-11T00:00:00Z",
    "advisory" : "RHSA-2024:10957",
    "cpe" : "cpe:/a:redhat:ceph_storage:8.0::el9",
    "package" : "rhceph/rhceph-haproxy-rhel9:2.4.22-38"
  }, {
    "product_name" : "Red Hat Ceph Storage 8.0",
    "release_date" : "2024-12-11T00:00:00Z",
    "advisory" : "RHSA-2024:10957",
    "cpe" : "cpe:/a:redhat:ceph_storage:8.0::el9",
    "package" : "rhceph/rhceph-promtail-rhel9:v3.0.0-9"
  }, {
    "product_name" : "Red Hat Ceph Storage 8.0",
    "release_date" : "2024-12-11T00:00:00Z",
    "advisory" : "RHSA-2024:10957",
    "cpe" : "cpe:/a:redhat:ceph_storage:8.0::el9",
    "package" : "rhceph/snmp-notifier-rhel9:1.2.1-86"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Ceph Storage 4",
    "fix_state" : "Out of support scope",
    "package_name" : "ceph",
    "cpe" : "cpe:/a:redhat:ceph_storage:4"
  }, {
    "product_name" : "Red Hat Ceph Storage 4",
    "fix_state" : "Out of support scope",
    "package_name" : "rhceph/rhceph-4-rhel8",
    "cpe" : "cpe:/a:redhat:ceph_storage:4"
  }, {
    "product_name" : "Red Hat Ceph Storage 5",
    "fix_state" : "Out of support scope",
    "package_name" : "ceph",
    "cpe" : "cpe:/a:redhat:ceph_storage:5"
  }, {
    "product_name" : "Red Hat Ceph Storage 5",
    "fix_state" : "Out of support scope",
    "package_name" : "rhceph/rhceph-5-rhel8",
    "cpe" : "cpe:/a:redhat:ceph_storage:5"
  }, {
    "product_name" : "Red Hat Ceph Storage 6",
    "fix_state" : "Affected",
    "package_name" : "rhceph/rhceph-6-rhel9",
    "cpe" : "cpe:/a:redhat:ceph_storage:6"
  }, {
    "product_name" : "Red Hat Ceph Storage 7",
    "fix_state" : "Affected",
    "package_name" : "rhceph/rhceph-7-rhel9",
    "cpe" : "cpe:/a:redhat:ceph_storage:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "ceph",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "ceph",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Openshift Data Foundation 4",
    "fix_state" : "Not affected",
    "package_name" : "odf4/cephcsi-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-48916\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-48916\nhttps://github.com/ceph/ceph/pull/60624/commits/919da3696668a07c6810dfa39301950c81c2eba4\nhttps://github.com/ceph/ceph/security/advisories/GHSA-5g9m-mmp6-93mq\nhttps://tracker.ceph.com/issues/68836" ],
  "name" : "CVE-2024-48916",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}