{"schema_version":"1.7.2","id":"OESA-2025-1207","modified":"2025-02-28T15:33:44Z","published":"2025-02-28T15:33:44Z","upstream":["CVE-2024-48916"],"summary":"ceph security update","details":"Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage.\r\n\r\nSecurity Fix(es):\n\nA vulnerability in the Ceph Rados Gateway (RadosGW) OIDC provider allows attackers to bypass JWT signature verification by supplying a token with \u0026quot;none\u0026quot; as the algorithm (alg). This occurs because the implementation fails to enforce strict signature validation, enabling attackers to forge valid tokens without a signature.(CVE-2024-48916)","affected":[{"package":{"ecosystem":"openEuler:24.03-LTS","name":"ceph","purl":"pkg:rpm/openEuler/ceph\u0026distro=openEuler-24.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"18.2.2-6.oe2403"}]}],"ecosystem_specific":{"aarch64":["ceph-18.2.2-6.oe2403.aarch64.rpm","ceph-base-18.2.2-6.oe2403.aarch64.rpm","ceph-common-18.2.2-6.oe2403.aarch64.rpm","ceph-debuginfo-18.2.2-6.oe2403.aarch64.rpm","ceph-debugsource-18.2.2-6.oe2403.aarch64.rpm","ceph-exporter-18.2.2-6.oe2403.aarch64.rpm","ceph-fuse-18.2.2-6.oe2403.aarch64.rpm","ceph-immutable-object-cache-18.2.2-6.oe2403.aarch64.rpm","ceph-mds-18.2.2-6.oe2403.aarch64.rpm","ceph-mgr-18.2.2-6.oe2403.aarch64.rpm","ceph-mon-18.2.2-6.oe2403.aarch64.rpm","ceph-osd-18.2.2-6.oe2403.aarch64.rpm","ceph-radosgw-18.2.2-6.oe2403.aarch64.rpm","ceph-selinux-18.2.2-6.oe2403.aarch64.rpm","ceph-test-18.2.2-6.oe2403.aarch64.rpm","cephfs-mirror-18.2.2-6.oe2403.aarch64.rpm","libcephfs-devel-18.2.2-6.oe2403.aarch64.rpm","libcephfs2-18.2.2-6.oe2403.aarch64.rpm","libcephsqlite-18.2.2-6.oe2403.aarch64.rpm","libcephsqlite-devel-18.2.2-6.oe2403.aarch64.rpm","librados-devel-18.2.2-6.oe2403.aarch64.rpm","librados2-18.2.2-6.oe2403.aarch64.rpm","libradospp-devel-18.2.2-6.oe2403.aarch64.rpm","libradosstriper-devel-18.2.2-6.oe2403.aarch64.rpm","libradosstriper1-18.2.2-6.oe2403.aarch64.rpm","librbd-devel-18.2.2-6.oe2403.aarch64.rpm","librbd1-18.2.2-6.oe2403.aarch64.rpm","librgw-devel-18.2.2-6.oe2403.aarch64.rpm","librgw2-18.2.2-6.oe2403.aarch64.rpm","python3-ceph-argparse-18.2.2-6.oe2403.aarch64.rpm","python3-ceph-common-18.2.2-6.oe2403.aarch64.rpm","python3-cephfs-18.2.2-6.oe2403.aarch64.rpm","python3-rados-18.2.2-6.oe2403.aarch64.rpm","python3-rbd-18.2.2-6.oe2403.aarch64.rpm","python3-rgw-18.2.2-6.oe2403.aarch64.rpm","rados-objclass-devel-18.2.2-6.oe2403.aarch64.rpm","rbd-fuse-18.2.2-6.oe2403.aarch64.rpm","rbd-mirror-18.2.2-6.oe2403.aarch64.rpm","rbd-nbd-18.2.2-6.oe2403.aarch64.rpm"],"noarch":["ceph-grafana-dashboards-18.2.2-6.oe2403.noarch.rpm","ceph-mgr-cephadm-18.2.2-6.oe2403.noarch.rpm","ceph-mgr-dashboard-18.2.2-6.oe2403.noarch.rpm","ceph-mgr-diskprediction-local-18.2.2-6.oe2403.noarch.rpm","ceph-mgr-k8sevents-18.2.2-6.oe2403.noarch.rpm","ceph-mgr-modules-core-18.2.2-6.oe2403.noarch.rpm","ceph-mgr-rook-18.2.2-6.oe2403.noarch.rpm","ceph-mib-18.2.2-6.oe2403.noarch.rpm","ceph-prometheus-alerts-18.2.2-6.oe2403.noarch.rpm","ceph-resource-agents-18.2.2-6.oe2403.noarch.rpm","ceph-volume-18.2.2-6.oe2403.noarch.rpm","cephadm-18.2.2-6.oe2403.noarch.rpm","cephfs-top-18.2.2-6.oe2403.noarch.rpm"],"src":["ceph-18.2.2-6.oe2403.src.rpm"],"x86_64":["ceph-18.2.2-6.oe2403.x86_64.rpm","ceph-base-18.2.2-6.oe2403.x86_64.rpm","ceph-common-18.2.2-6.oe2403.x86_64.rpm","ceph-debuginfo-18.2.2-6.oe2403.x86_64.rpm","ceph-debugsource-18.2.2-6.oe2403.x86_64.rpm","ceph-exporter-18.2.2-6.oe2403.x86_64.rpm","ceph-fuse-18.2.2-6.oe2403.x86_64.rpm","ceph-immutable-object-cache-18.2.2-6.oe2403.x86_64.rpm","ceph-mds-18.2.2-6.oe2403.x86_64.rpm","ceph-mgr-18.2.2-6.oe2403.x86_64.rpm","ceph-mon-18.2.2-6.oe2403.x86_64.rpm","ceph-osd-18.2.2-6.oe2403.x86_64.rpm","ceph-radosgw-18.2.2-6.oe2403.x86_64.rpm","ceph-selinux-18.2.2-6.oe2403.x86_64.rpm","ceph-test-18.2.2-6.oe2403.x86_64.rpm","cephfs-mirror-18.2.2-6.oe2403.x86_64.rpm","libcephfs-devel-18.2.2-6.oe2403.x86_64.rpm","libcephfs2-18.2.2-6.oe2403.x86_64.rpm","libcephsqlite-18.2.2-6.oe2403.x86_64.rpm","libcephsqlite-devel-18.2.2-6.oe2403.x86_64.rpm","librados-devel-18.2.2-6.oe2403.x86_64.rpm","librados2-18.2.2-6.oe2403.x86_64.rpm","libradospp-devel-18.2.2-6.oe2403.x86_64.rpm","libradosstriper-devel-18.2.2-6.oe2403.x86_64.rpm","libradosstriper1-18.2.2-6.oe2403.x86_64.rpm","librbd-devel-18.2.2-6.oe2403.x86_64.rpm","librbd1-18.2.2-6.oe2403.x86_64.rpm","librgw-devel-18.2.2-6.oe2403.x86_64.rpm","librgw2-18.2.2-6.oe2403.x86_64.rpm","python3-ceph-argparse-18.2.2-6.oe2403.x86_64.rpm","python3-ceph-common-18.2.2-6.oe2403.x86_64.rpm","python3-cephfs-18.2.2-6.oe2403.x86_64.rpm","python3-rados-18.2.2-6.oe2403.x86_64.rpm","python3-rbd-18.2.2-6.oe2403.x86_64.rpm","python3-rgw-18.2.2-6.oe2403.x86_64.rpm","rados-objclass-devel-18.2.2-6.oe2403.x86_64.rpm","rbd-fuse-18.2.2-6.oe2403.x86_64.rpm","rbd-mirror-18.2.2-6.oe2403.x86_64.rpm","rbd-nbd-18.2.2-6.oe2403.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1207"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-48916"}],"database_specific":{"severity":"High"}}