SB2024020931 - Multiple vulnerabilities in Red Hat Ceph Storage 5.3

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024020931

SB2024020931 - Multiple vulnerabilities in Red Hat Ceph Storage 5.3

Published: February 9, 2024

Security Bulletin ID SB2024020931
Severity
High
Patch available
YES
Number of vulnerabilities 9
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

High 11% Medium 56% Low 33%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 9 secuirty vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2022-23498)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to all headers being cached, when datasource query caching is enabled (including when rotating the Grafana session cookie via a Set-Cookie grafana_session header). A remote attacker can gain unauthorized access to sensitive information on the system.


2) Stored cross-site scripting (CVE-ID: CVE-2023-0507)

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data within the GeoMap plugin. A remote user with the Editor role can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


3) Stored cross-site scripting (CVE-ID: CVE-2023-0594)

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the trace view visualization. A remote user the Editor role can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


4) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2023-25725)

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP/1 requests. A remote attacker can send a specially crafted HTTP request with empty fields, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.


5) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2022-41717)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to excessive memory growth when handling HTTP/2 server requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.


6) Input validation error (CVE-ID: CVE-2023-0056)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the http_wait_for_response() function when handling HTTP/2 requests. A remote attacker can send a specially crafted HTTP request the proxy server and perform a denial of service (DoS) attack.


7) Information disclosure (CVE-ID: CVE-2023-1387)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to application allows users to login with a JWT token passed in the URL query parameter auth_token. A remote attacker can intercept the query and gain unauthorized access to the application.


8) Stored cross-site scripting (CVE-ID: CVE-2023-22462)

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the Text plugin. A remote user with Editor role can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.



9) Code Injection (CVE-ID: CVE-2023-24538)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in html/template when handling JavaScript templates that contain backticks in code. If a template contains a Go template action within a JavaScript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary JavaScript code into the Go template.


Remediation

Install update from vendor's website.

References