
Cloud Vulnerability DB
A community-led vulnerabilities database
A vulnerability in the Ceph Rados Gateway (RadosGW) OIDC provider allows attackers to bypass JWT signature verification in versions 19.2.3 and below. An attacker can submit a JWT whose header declares 'none' as the algorithm, and the signature verification step is skipped entirely. This security issue was discovered during a penetration test and was assigned CVE-2024-48916 with a CVSS v3.1 base score of 8.1 (High) (Ubuntu CVE, GitHub Advisory).
The vulnerability exists in the RadosGW OIDC provider implementation where the JWT signature verification can be bypassed by specifying 'none' as the JWT algorithm. The issue was introduced in version 16.1.0 through commit 7566664f89be062e0c9f3519dc60b94c8af5e2a4. The vulnerability has been assigned a CVSS v3.1 base score of 8.1 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N, indicating network attack vector, low attack complexity, low privileges required, and no user interaction needed (Debian Tracker, GitHub Advisory).
The vulnerability allows attackers to bypass authentication mechanisms in the Ceph RadosGW, potentially leading to unauthorized access to the storage system. The CVSS metrics indicate high impact on both confidentiality and integrity of the system, though availability is not affected. This could result in unauthorized access to sensitive data and potential modification of system configurations (GitHub Advisory).
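The root cause described above is a verifier that lets the token header choose the algorithm. The following added example (not Ceph's code) contrasts that pattern with a hardened verifier that takes the accepted algorithm from configuration; it uses a constructed HS256 shared secret so it runs offline, whereas a real OIDC provider would validate against the issuer's published keys.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key (assumption); a real OIDC verifier uses the issuer's JWKS.
DEMO_KEY = b"demo-shared-secret"
# Algorithms the deployment is configured to accept. "none" must never be listed.
ALLOWED_ALGS = {"HS256"}


def _b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_token(claims, alg, key=DEMO_KEY):
    """Build a compact JWT; used only to produce constructed test inputs."""
    header = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}".encode()
    if alg == "none":
        sig = ""  # unsigned token: empty third segment
    else:
        sig = _b64url_encode(hmac.new(key, signing_input, hashlib.sha256).digest())
    return f"{header}.{payload}.{sig}"


def _hmac_ok(header_b64, payload_b64, sig_b64, key):
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, _b64url_decode(sig_b64))


def verify_trusting_header(token, key=DEMO_KEY):
    """Vulnerable pattern: the token's own 'alg' header decides whether to check a signature."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") == "none":
        return json.loads(_b64url_decode(payload_b64))  # accepted without any signature check
    return json.loads(_b64url_decode(payload_b64)) if _hmac_ok(header_b64, payload_b64, sig_b64, key) else None


def verify_pinned(token, key=DEMO_KEY):
    """Hardened pattern: only configured algorithms are accepted, so 'none' is rejected."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") not in ALLOWED_ALGS or not sig_b64:
        return None  # unsigned or unexpected algorithm: reject before touching the payload
    return json.loads(_b64url_decode(payload_b64)) if _hmac_ok(header_b64, payload_b64, sig_b64, key) else None
```

Detection-wise, an `alg` header of `none` or an empty signature segment arriving at a verifier that only ever issues signed tokens is itself a strong indicator worth logging.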
Several distributions have released fixed versions: Ubuntu has patched versions 19.2.0-0ubuntu6 for 25.04, 19.2.0-0ubuntu2.1 for 24.10, 19.2.0-0ubuntu0.24.04.2 for 24.04 LTS, and 17.2.7-0ubuntu0.22.04.2 for 22.04 LTS. Debian has also released fixes for various versions including bullseye, bookworm, and sid (Ubuntu CVE, Debian Tracker).
Source: This report was generated using AI