CVE-2021-3524
gateway: radosgw: CRLF injection
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. In addition, the prior bug fix for CVE-2020-10753 did not account for the use of \r as a header separator, thus a new flaw has been created.
Se encontró un fallo en Red Hat Ceph Storage RadosGW (Ceph Object Gateway) en versiones anteriores a la 14.2.21. La vulnerabilidad está relacionada con la inyección de encabezados HTTP por medio de una etiqueta CORS ExposeHeader. El carácter de nueva línea en la etiqueta ExposeHeader en el archivo de configuración CORS genera una inyección de encabezado en la respuesta cuando se realiza la petición CORS. Además, la corrección de bug anterior para CVE-2020-10753 no tenía en cuenta el uso de \r como separador de encabezado, por lo que un nuevo fallo ha sido creado
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when making the CORS request. The highest threat from this vulnerability is to integrity.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-04-30 CVE Reserved
- 2021-05-17 CVE Published
- 2024-07-18 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2021/08/msg00013.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1951674 | 2022-05-05 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Ceph Search vendor "Redhat" for product "Ceph" | < 14.2.21 Search vendor "Redhat" for product "Ceph" and version " < 14.2.21" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Ceph Storage Search vendor "Redhat" for product "Ceph Storage" | 4.0 Search vendor "Redhat" for product "Ceph Storage" and version "4.0" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 32 Search vendor "Fedoraproject" for product "Fedora" and version "32" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 33 Search vendor "Fedoraproject" for product "Fedora" and version "33" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 34 Search vendor "Fedoraproject" for product "Fedora" and version "34" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||