{"id":"USN-7182-1","summary":"ceph vulnerability","details":"It was discovered that Ceph incorrectly handled unsupported JWT algorithms\nin the RadosGW gateway. An attacker could possibly use this issue to bypass\ncertain authentication checks and restrictions.\n","modified":"2026-02-10T04:46:27Z","published":"2025-01-06T13:41:43Z","related":["UBUNTU-CVE-2024-48916"],"upstream":["CVE-2024-48916","UBUNTU-CVE-2024-48916"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7182-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-48916"}],"affected":[{"package":{"name":"ceph","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/ceph@17.2.7-0ubuntu0.22.04.2?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"17.2.7-0ubuntu0.22.04.2"}]}],"versions":["16.2.6-0ubuntu1","16.2.6-0ubuntu2","16.2.6-0ubuntu3","16.2.7-0ubuntu1","16.2.7-0ubuntu4","17.1.0-0ubuntu1","17.1.0-0ubuntu2","17.1.0-0ubuntu3","17.2.0-0ubuntu0.22.04.1","17.2.0-0ubuntu0.22.04.2","17.2.5-0ubuntu0.22.04.2","17.2.5-0ubuntu0.22.04.3","17.2.6-0ubuntu0.22.04.1","17.2.6-0ubuntu0.22.04.2","17.2.6-0ubuntu0.22.04.3","17.2.7-0ubuntu0.22.04.1"],"ecosystem_specific":{"binaries":[{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"ceph"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"ceph-base"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"ceph-common"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"ceph-fuse"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"ceph-grafana-dashboards"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"ceph-immutable-object-cache"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"ceph-mds"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"ceph-mgr"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"ceph-mgr-cephadm"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"ceph-mgr-dashboard"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"ceph-mgr-diskprediction-local"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"ceph-mgr-k8sevents"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"ceph-mgr-modules-core"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"ceph-mgr-rook"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"ceph-mon"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"ceph-osd"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"ceph-prometheus-alerts"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"ceph-resource-agents"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"ceph-volume"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"cephadm"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"cephfs-mirror"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"cephfs-shell"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"crimson-osd"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"libcephfs-dev"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"libcephfs-java"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"libcephfs-jni"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"libcephfs2"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"librados-dev"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"librados2"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"libradospp-dev"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"libradosstriper-dev"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"libradosstriper1"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"librbd-dev"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"librbd1"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"librgw-dev"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"librgw2"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"libsqlite3-mod-ceph"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"libsqlite3-mod-ceph-dev"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"python3-ceph"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"python3-ceph-argparse"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"python3-ceph-common"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"python3-cephfs"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"python3-rados"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"python3-rbd"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"python3-rgw"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"rados-objclass-dev"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"radosgw"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"rbd-fuse"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"rbd-mirror"},{"binary_version":"17.2.7-0ubuntu0.22.04.2","binary_name":"rbd-nbd"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7182-1.json","cves_map":{"cves":[{"id":"CVE-2024-48916","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:22.04:LTS"}}},{"package":{"name":"ceph","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/ceph@19.2.0-0ubuntu0.24.04.2?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"19.2.0-0ubuntu0.24.04.2"}]}],"versions":["18.2.0-0ubuntu3","18.2.0-0ubuntu6","18.2.0-0ubuntu7","19.2.0~git20240301.4c76c50-0ubuntu3","19.2.0~git20240301.4c76c50-0ubuntu4","19.2.0~git20240301.4c76c50-0ubuntu6","19.2.0~git20240301.4c76c50-0ubuntu6.1","19.2.0-0ubuntu0.24.04.1"],"ecosystem_specific":{"binaries":[{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"ceph"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"ceph-base"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"ceph-common"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"ceph-fuse"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"ceph-grafana-dashboards"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"ceph-immutable-object-cache"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"ceph-mds"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"ceph-mgr"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"ceph-mgr-cephadm"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"ceph-mgr-dashboard"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"ceph-mgr-diskprediction-local"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"ceph-mgr-k8sevents"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"ceph-mgr-modules-core"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"ceph-mgr-rook"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"ceph-mon"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"ceph-osd"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"ceph-prometheus-alerts"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"ceph-resource-agents"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"ceph-volume"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"cephadm"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"cephfs-mirror"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"cephfs-shell"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"crimson-osd"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"libcephfs-dev"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"libcephfs-java"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"libcephfs-jni"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"libcephfs2"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"librados-dev"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"librados2"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"libradospp-dev"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"libradosstriper-dev"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"libradosstriper1"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"librbd-dev"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"librbd1"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"librgw-dev"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"librgw2"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"libsqlite3-mod-ceph"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"libsqlite3-mod-ceph-dev"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"python3-ceph"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"python3-ceph-argparse"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"python3-ceph-common"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"python3-cephfs"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"python3-rados"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"python3-rbd"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"python3-rgw"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"rados-objclass-dev"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"radosgw"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"rbd-fuse"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"rbd-mirror"},{"binary_version":"19.2.0-0ubuntu0.24.04.2","binary_name":"rbd-nbd"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7182-1.json","cves_map":{"cves":[{"id":"CVE-2024-48916","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:24.04:LTS"}}}],"schema_version":"1.7.3"}