VYPR

Ceph Object Gateway

by Ceph

CVEs (3)

  • CVE-2016-9579MedAug 1, 2018
    risk 0.43cvss 6.5epss 0.04

    A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP…

  • CVE-2021-3524May 17, 2021
    risk 0.00cvss epss 0.02

    A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file…

  • CVE-2020-1760Apr 23, 2020
    risk 0.00cvss epss 0.02

    A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input.