VYPR
High severity8.1OSV Advisory· Published Jul 30, 2025· Updated Apr 15, 2026

CVE-2024-48916

CVE-2024-48916

Description

Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send an JWT that has "none" as JWT alg. And by doing so the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As of time of publication, a known patched version has yet to be published.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Ceph/CephOSV2 versions
    v0.1, v0.18, v0.19, …+ 1 more
    • (no CPE)range: v0.1, v0.18, v0.19, …
    • (no CPE)range: <=19.2.3
  • osv-coords
    Range: < 20.2.1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.