CVE-2020-10753 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Content spoofing
Description	A flaw was found in the Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. This issue affects the RadosGW S3 API, it does not affect the Swift API.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1195	ceph	14.2.8-1	15.2.6-1	High	Fixed	FS#67047

Date	Advisory	Group	Package	Severity	Type
26 Nov 2020	ASA-202011-22	AVG-1195	ceph	High	multiple issues

References
https://docs.ceph.com/en/latest/releases/nautilus/#v14-2-10-nautilus https://docs.ceph.com/en/latest/releases/octopus/#v15-2-4-octopus https://github.com/ceph/ceph/pull/35773 https://github.com/ceph/ceph/commit/ea0a33719e1765a79eb0c7137262b8e93cd073e3

References

https://docs.ceph.com/en/latest/releases/nautilus/#v14-2-10-nautilus
https://docs.ceph.com/en/latest/releases/octopus/#v15-2-4-octopus
https://github.com/ceph/ceph/pull/35773
https://github.com/ceph/ceph/commit/ea0a33719e1765a79eb0c7137262b8e93cd073e3