Unrated severityNVD Advisory· Published Apr 21, 2020· Updated Aug 4, 2024

CVE-2020-1699

Description

A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. An unauthenticated attacker could use this flaw to cause information disclosure on the host machine running the Ceph dashboard.

Affected products

osv-coords5 versions
pkg:bitnami/ceph pkg:rpm/opensuse/ceph&distro=openSUSE%20Leap%2015.1 pkg:rpm/opensuse/ceph-test&distro=openSUSE%20Leap%2015.1 pkg:rpm/suse/ceph&distro=SUSE%20Enterprise%20Storage%206 pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1
>= 14.2.5, <= 14.2.5+ 4 more
- (no CPE)range: >= 14.2.5, <= 14.2.5
- (no CPE)range: < 14.2.5.382+g8881d33957-lp151.2.10.1
- (no CPE)range: < 14.2.5.382+g8881d33957-lp151.2.10.1
- (no CPE)range: < 14.2.5.382+g8881d33957-3.30.1
- (no CPE)range: < 14.2.5.382+g8881d33957-3.30.1
The Ceph Project/cephv5
Range: Fixed in 14.2.7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugzilla.redhat.com/show_bug.cgimitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000