CVE-2020-1760

Published: Apr 23, 2020Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input.

Affected (8)

Products: Linuxfoundation: Ceph · Redhat: Ceph Storage, Openshift Container Platform · Fedoraproject: Fedora · +2 more

Show all products

Linuxfoundation: Ceph · Redhat: Ceph Storage, Openshift Container Platform · Fedoraproject: Fedora · Canonical: Ubuntu Linux · Debian: Debian Linux

1 product

2 products

Openshift Container Platform

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linuxfoundation Ceph	Before 14.2.21

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Ceph Storage	Version 3.0
Redhat Ceph Storage	Version 4.0
Redhat Openshift Container Platform	Version 4.2

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 31

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04

Configuration E

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 9.0

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (14)

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1760

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/08/msg00013.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html

Source: secalert@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3A2UFR5IUIEXJUCF64GQ5OVLCZGODXE/

Source: secalert@redhat.com

https://security.gentoo.org/glsa/202105-39

Source: secalert@redhat.com

Third Party Advisory

https://usn.ubuntu.com/4528-1/

Source: secalert@redhat.com

Third Party Advisory

https://www.openwall.com/lists/oss-security/2020/04/07/1

Source: secalert@redhat.com

Mailing ListPatchThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1760