JWT Signature Verification Flaw in Ceph Distributed Storage by Ceph
CVE-2024-48916
Currently unrated
What is CVE-2024-48916?
A vulnerability in Ceph, a distributed object, block, and file storage platform, enables exploitation through malformed JSON Web Tokens (JWTs) that specify 'none' as the JWT algorithm. This oversight results in the failure to verify the JWT signature, potentially allowing unauthorized access through the RadosGW OIDC provider. As of now, no patched version is available for remediation.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.