ceph: HTTP header injection via CORS ExposeHeader tag (CVE-2020-10753)

It was reported that "newline" character in the CORS xml configuration file in the ExposeHeader tag can lead to the header injection attack. When the CORS request is made the response contain the injected header. Using newline characters injected into the HTTP headers, it is possible for the malicious user to add arbitrary headers such as Set-Cookie to set arbitrary cookies.

Fixed In Version:

ceph 14.2.10

References:

https://ceph.io/releases/v14-2-10-nautilus-released/
https://github.com/ceph/ceph/pull/35773

Patch:

[14.2.10] https://github.com/ceph/ceph/commit/46817f30cee60bc5df8354ab326762e7c783fe2c

Affected branches:

master
3.12-stable

Edited Apr 05, 2021 by Leo

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information