GSD-2020-1760 — Vulnetix

GSD-2020-1760 PUBLISHED CVSS 5.800000190734863 MEDIUM

A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input.

Risk Scores

CVSS v3.1

5.800000190734863

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L

Affected Products

Vendor	Product	Versions
[UNKNOWN]	ceph	15.2.1, 14.2.9, 13.2.9

Timeline

Apr 6, 2020 CVE Published
Apr 1, 2026 Security Advisory

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1760 url
https://www.openwall.com/lists/oss-security/2020/04/07/1 url
FEDORA-2020-81b9c6cddc vendor-advisory
USN-4528-1 advisory
GLSA-202105-39 advisory
[debian-lts-announce] 20210810 [SECURITY] [DLA 2735-1] ceph security update advisory
[debian-lts-announce] 20231023 [SECURITY] [DLA 3629-1] ceph security update advisory

Open in Interactive Console →