Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send a JWT whose `alg` header is set to `none`; when such a token is presented, the JWT signature is not checked at all. Because the signature is the only thing binding a token's claims to the identity provider that issued it, an unsigned token carrying attacker-chosen claims would be accepted as genuine. The vulnerability is most likely in the RadosGW OIDC provider. As of time of publication, a known patched version has yet to be published.
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
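The following is an added example, not Ceph or RadosGW code, illustrating the class of bug described above: a verifier that lets the token's own `alg` header decide whether the signature is checked, next to a verifier that pins the accepted algorithms on the verifying side. To run offline it uses HMAC-SHA256 with a constructed shared secret; an OIDC relying party such as RGW would instead verify an asymmetric signature against the provider's published JWKS. The key material, issuer name, claim values and function names are all assumptions made for the demo.

```python
import base64
import hashlib
import hmac
import json

# Constructed secret for this demo only. A real OIDC relying party verifies
# against the provider's published keys, not a shared secret.
ISSUER_KEY = b"demo-issuer-key-not-a-real-secret"


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))


def _signing_input(header: dict, payload: dict) -> str:
    def enc(obj: dict) -> str:
        return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
    return f"{enc(header)}.{enc(payload)}"


def issue_hs256(payload: dict, key: bytes) -> str:
    """What a legitimate issuer produces: header.payload.HMAC-SHA256 signature."""
    signing_input = _signing_input({"alg": "HS256", "typ": "JWT"}, payload)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"


def forge_none(payload: dict) -> str:
    """What an attacker produces: alg=none and an empty signature segment.
    No key is needed; the claims are whatever the attacker wants."""
    return _signing_input({"alg": "none", "typ": "JWT"}, payload) + "."


def verify_vulnerable(token: str, key: bytes) -> dict:
    """Lets the token's own header decide whether a signature is checked."""
    seg_h, seg_p, seg_s = token.split(".")
    header = json.loads(b64url_decode(seg_h))
    payload = json.loads(b64url_decode(seg_p))
    if header.get("alg") == "none":
        return payload  # signature skipped: this is the bug
    expected = hmac.new(key, f"{seg_h}.{seg_p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(seg_s)):
        raise ValueError("bad signature")
    return payload


def verify_hardened(token: str, key: bytes, allowed=("HS256",)) -> dict:
    """The verifier's configuration, not the token, chooses the algorithm."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    seg_h, seg_p, seg_s = parts
    header = json.loads(b64url_decode(seg_h))
    alg = header.get("alg")
    if alg not in allowed:  # allowlist rejects none/None/NONE and anything unexpected
        raise ValueError(f"algorithm {alg!r} not permitted")
    if not seg_s:
        raise ValueError("empty signature")
    expected = hmac.new(key, f"{seg_h}.{seg_p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(seg_s)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(seg_p))


def accepted_by(verifier, token: str) -> bool:
    """True if the verifier returns claims, False if it raises ValueError."""
    try:
        verifier(token, ISSUER_KEY)
        return True
    except ValueError:
        return False


def demo() -> dict:
    genuine = issue_hs256({"iss": "https://idp.example", "sub": "alice"}, ISSUER_KEY)
    forged = forge_none({"iss": "https://idp.example", "sub": "admin"})
    return {
        "vulnerable_accepts_genuine": accepted_by(verify_vulnerable, genuine),
        "vulnerable_accepts_forged": accepted_by(verify_vulnerable, forged),
        "hardened_accepts_genuine": accepted_by(verify_hardened, genuine),
        "hardened_accepts_forged": accepted_by(verify_hardened, forged),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The fix is entirely in `verify_hardened`: the set of acceptable algorithms is configuration on the verifying side, the header is only checked for membership in that set, and an empty signature segment is an error rather than a reason to skip the check. The same rule applies whatever library is in use: reject `none` in any capitalisation and any algorithm the deployment did not expect, and never let a field the attacker controls select the verification path.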
Name | Vendor | Start Version | End Version |
---|---|---|---|
Red Hat Ceph Storage 6.1 | RedHat | ceph-2:17.2.6-277.el9cp | * |
Red Hat Ceph Storage 6.1 | RedHat | oath-toolkit-0:2.6.12-1.el8cp | * |
Red Hat Ceph Storage 7.1 | RedHat | ceph-2:18.2.1-329.el8cp | * |
Red Hat Ceph Storage 7.1 | RedHat | oath-toolkit-0:2.6.12-1.el8cp | * |
Red Hat Ceph Storage 8.0 | RedHat | ceph-2:19.2.0-55.el9cp | * |
Red Hat Ceph Storage 8.0 | RedHat | rhceph/grafana-rhel9:10.4.8-6 | * |
Red Hat Ceph Storage 8.0 | RedHat | rhceph/keepalived-rhel9:2.2.8-36 | * |
Red Hat Ceph Storage 8.0 | RedHat | rhceph/oauth2-proxy-rhel9:v7.6.0-6 | * |
Red Hat Ceph Storage 8.0 | RedHat | rhceph/rhceph-8-rhel9:8-212 | * |
Red Hat Ceph Storage 8.0 | RedHat | rhceph/rhceph-haproxy-rhel9:2.4.22-38 | * |
Red Hat Ceph Storage 8.0 | RedHat | rhceph/rhceph-promtail-rhel9:v3.0.0-9 | * |
Red Hat Ceph Storage 8.0 | RedHat | rhceph/snmp-notifier-rhel9:1.2.1-86 | * |
Ceph | Ubuntu | devel | * |
Ceph | Ubuntu | jammy | * |
Ceph | Ubuntu | noble | * |
Ceph | Ubuntu | oracular | * |
Ceph | Ubuntu | plucky | * |