Vulnerability CVE-2020-1760: Information
Description
A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input.
Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| ceph | sisyphus | 14.2.9-alt1 | 18.2.1-alt2.1 | ALT-PU-2020-1757-1 | 249990 | Fixed |
| ceph | p10 | 14.2.9-alt1 | 17.2.7-alt2 | ALT-PU-2020-1757-1 | 249990 | Fixed |
| ceph | p9 | 14.2.9-alt1 | 14.2.22-alt1 | ALT-PU-2020-1769-1 | 249994 | Fixed |
| ceph | c10f1 | 14.2.9-alt1 | 17.2.6-alt2 | ALT-PU-2020-1757-1 | 249990 | Fixed |
| ceph | c9f2 | 14.2.22-alt1 | 14.2.22-alt1 | ALT-PU-2021-2332-1 | 279851 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
|---|---|
| https://www.openwall.com/lists/oss-security/2020/04/07/1 |
|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1760 |
|
| USN-4528-1 |
|
| GLSA-202105-39 |
|
| [debian-lts-announce] 20210810 [SECURITY] [DLA 2735-1] ceph security update |
|
| [debian-lts-announce] 20231023 [SECURITY] [DLA 3629-1] ceph security update | |
| FEDORA-2020-81b9c6cddc |