]> git-server-git.apps.pok.os.sepia.ceph.com Git - ceph.git/commit
projects / ceph.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: bb380cf) | patch
[CVE-2024-48916] rgw/sts: fix to disallow unsupported JWT algorithms 62137/head
authorPritha Srivastava <prsrivas@redhat.com>
Tue, 5 Nov 2024 06:33:00 +0000 (12:03 +0530)
committerAdam Emerson <aemerson@redhat.com>
Wed, 5 Mar 2025 15:48:59 +0000 (10:48 -0500)
commite502e35f366af08bc71bbf6cba99c630b70d9df8
tree7355a79415cf9229be3da2fba9d911b8ec0a9847tree | snapshot
parentbb380cffddcc83d03e807d6768baf62414038ea6commit | diff
[CVE-2024-48916] rgw/sts: fix to disallow unsupported JWT algorithms
while authenticating AssumeRoleWithWebIdentity using JWT obtained
from an external IDP.

fixes: https://tracker.ceph.com/issues/68836

Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
(cherry picked from commit 919da3696668a07c6810dfa39301950c81c2eba4)

Fixes: https://tracker.ceph.com/issues/69258
Signed-off-by: Adam Emerson <aemerson@redhat.com>
src/rgw/rgw_rest_sts.cc diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.