JWT Signature Verification Flaw in Ceph Distributed Storage by Ceph
CVE-2024-48916
Currently unrated
What is CVE-2024-48916?
A vulnerability in Ceph, a distributed object, block, and file storage platform, enables exploitation through malformed JSON Web Tokens (JWTs) that specify 'none' as the JWT algorithm. This oversight results in the failure to verify the JWT signature, potentially allowing unauthorized access through the RadosGW OIDC provider. As of now, no patched version is available for remediation.