VDB
CVE-2020-1760
CVE-2020-1760
PUBLISHED
A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input.
EPSS 0.35% · 57.9th percentile
Risk Scores
EPSS Score
0.35%
57.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | ceph | 0, 0 |
Timeline
- Apr 10, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 27, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 2, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 5, 2022 EPSS Score
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1760 url
- https://lists.debian.org/debian-lts-announce/2021/08/msg00013.html url
- https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html url
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3A2UFR5IUIEXJUCF64GQ5OVLCZGODXE/ url
- https://nvd.nist.gov/vuln/detail/CVE-2020-1760 url
- https://security.gentoo.org/glsa/202105-39 url
- https://usn.ubuntu.com/4528-1/ url
- https://www.openwall.com/lists/oss-security/2020/04/07/1 url