A vulnerability in the Ceph Rados Gateway (RadosGW) OIDC provider allows attackers to bypass JWT signature verification by supplying a token with "none" as the algorithm (alg). This occurs because the implementation fails to enforce strict signature validation, enabling attackers to forge valid tokens without a signature. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or…Read More