CVE-2024-48916

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-48916

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-48916.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-48916

Aliases

GHSA-5g9m-mmp6-93mq

Downstream

DEBIAN-CVE-2024-48916

DSA-5825-1

OESA-2025-1206

OESA-2025-1207

OESA-2025-1208

OESA-2025-1209

RHSA-2024:10956

RHSA-2025:4238

RHSA-2025:4664

UBUNTU-CVE-2024-48916

USN-7182-1

Related

MGASA-2025-0011

Published

2025-07-30T19:45:00Z

Modified

2025-10-15T15:12:31.703244Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

Ceph is vulnerable to authentication bypass through RadosGW

Details

Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send an JWT that has "none" as JWT alg. And by doing so the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As of time of publication, a known patched version has yet to be published.

References

https://github.com/ceph/ceph/security/advisories/GHSA-5g9m-mmp6-93mq

Affected packages

Git / github.com/ceph/ceph

Affected ranges

Type: GIT
Repo: https://github.com/ceph/ceph
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

c92aebb279828e9c3c1f5d24613efca272649e62

Affected versions

mark-v0.*

mark-v0.70-wip

v0.*

v0.1

v0.10

v0.11

v0.12

v0.13

v0.14

v0.15

v0.16

v0.16.1

v0.17

v0.18

v0.19

v0.2

v0.20

v0.21

v0.21.1

v0.21.2

v0.21.3

v0.22

v0.22.1

v0.22.2

v0.23

v0.23.1

v0.23.2

v0.24

v0.24.1

v0.24.2

v0.24.3

v0.25

v0.25.1

v0.25.2

v0.26

v0.27

v0.27.1

v0.28

v0.28.1

v0.28.2

v0.29

v0.29.1

v0.3

v0.30

v0.31

v0.32

v0.33

v0.34

v0.35

v0.36

v0.37

v0.38

v0.39

v0.4

v0.40

v0.41

v0.42

v0.42.1

v0.42.2

v0.43

v0.44

v0.44.1

v0.44.2

v0.45

v0.46

v0.47

v0.47.1

v0.47.2

v0.47.3

v0.48argonaut

v0.49

v0.5

v0.50

v0.51

v0.52

v0.53

v0.54

v0.55

v0.55.1

v0.56

v0.57

v0.58

v0.59

v0.6

v0.60

v0.61

v0.62

v0.63

v0.64

v0.65

v0.66

v0.67

v0.67-rc1

v0.67-rc2

v0.67-rc3

v0.68

v0.69

v0.7

v0.7.1

v0.7.2

v0.7.3

v0.70

v0.71

v0.72

v0.72-rc1

v0.73

v0.74

v0.75

v0.76

v0.77

v0.78

v0.79

v0.8

v0.80

v0.80-rc1

v0.81

v0.82

v0.83

v0.84

v0.85

v0.86

v0.87

v0.88

v0.89

v0.9

v0.90

v0.91

v0.92

v0.93

v0.94

v10.*

v10.0.0

v10.0.1

v10.0.2

v10.0.3

v10.0.4

v10.0.5

v10.1.0

v10.1.1

v10.1.2

v10.2.0

v11.*

v11.0.0

v11.0.1

v11.0.2

v11.1.0

v12.*

v12.0.0

v12.0.1

v12.0.2

v12.0.3

v12.1.0

v12.1.1

v12.1.2

v13.*

v13.0.0

v13.0.1

v13.0.2

v13.1.0

v14.*

v14.0.0

v14.0.1

v14.1.0

v14.1.1

v14.2.0

v15.*

v15.0.0

v15.1.0

v15.1.1

v15.2.0

v16.*

v16.0.0

v17.*

v17.0.0

v18.*

v18.0.0

v19.*

v19.0.0

v19.1.0

v19.1.1

v19.2.0

v19.2.1

v19.2.2

v19.2.3

v9.*

v9.0.0

v9.0.1

v9.0.2

v9.0.3

v9.1.0

v9.2.0