Unrated severityNVD Advisory· Published Apr 23, 2020· Updated Aug 4, 2024
CVE-2020-1760
CVE-2020-1760
Description
A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input.
Affected products
13- Ceph/Ceph Object Gatewaydescription
- osv-coords12 versionspkg:bitnami/cephpkg:rpm/opensuse/ceph&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/ceph-test&distro=openSUSE%20Leap%2015.1pkg:rpm/suse/ceph&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/ceph&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
< 14.2.21+ 11 more
- (no CPE)range: < 14.2.21
- (no CPE)range: < 14.2.5.389+gb0f23ac248-lp151.2.13.1
- (no CPE)range: < 14.2.5.389+gb0f23ac248-lp151.2.13.1
- (no CPE)range: < 12.2.12+git.1585658687.363df3a813-2.42.4
- (no CPE)range: < 14.2.5.389+gb0f23ac248-3.35.2
- (no CPE)range: < 14.2.5.389+gb0f23ac248-3.35.2
- (no CPE)range: < 12.2.12+git.1585658687.363df3a813-2.42.4
- (no CPE)range: < 12.2.12+git.1585658687.363df3a813-2.42.4
- (no CPE)range: < 12.2.12+git.1585658687.363df3a813-2.42.4
- (no CPE)range: < 12.2.12+git.1585658687.363df3a813-2.42.4
- (no CPE)range: < 12.2.12+git.1585658687.363df3a813-2.42.4
- (no CPE)range: < 12.2.12+git.1585658687.363df3a813-2.42.4
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3A2UFR5IUIEXJUCF64GQ5OVLCZGODXE/mitrevendor-advisory
- security.gentoo.org/glsa/202105-39mitrevendor-advisory
- usn.ubuntu.com/4528-1/mitrevendor-advisory
- lists.debian.org/debian-lts-announce/2021/08/msg00013.htmlmitremailing-list
- lists.debian.org/debian-lts-announce/2023/10/msg00034.htmlmitremailing-list
- bugzilla.redhat.com/show_bug.cgimitre
- www.openwall.com/lists/oss-security/2020/04/07/1mitre
News mentions
0No linked articles in our index yet.