PT-2024-9892 · Ceph+4 · Ceph Radosgw+4

Published: 2024-11-02 · Updated: 2026-03-20 · CVE-2024-48916
CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions: Ceph RadosGW (affected versions not specified)
Description: The issue is related to insufficient authentication of data when handling JWT tokens, which a remote attacker can exploit to bypass the authentication procedure and gain unauthorized access. No real-world incidents have been reported, and no estimate of the number of affected devices is provided.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration: Insufficient Verification of Data Authenticity

Related Identifiers

ALT-PU-2025-5585
AZL-65996
AZL-66005
BDU:2025-00001
BIT-CEPH-2024-48916
CVE-2024-48916
DSA-5825-1
GHSA-5G9M-MMP6-93MQ
MGASA-2025-0011
OESA-2025-1206
OESA-2025-1207
OESA-2025-1208
OESA-2025-1209
RHSA-2024:10956
RHSA-2025:4238
RHSA-2025:4664
USN-7182-1

Affected Products

Alt Linux
Ceph Radosgw
Linuxmint
Red Os
Ubuntu