MEDIUM · 5.8

CVE-2020-1760


Vulnerability Description

A flaw was found in the Ceph Object Gateway, where it supports requests sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input.

CVSS Score

5.8

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality: LOW
Integrity: LOW
Availability: LOW

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Linuxfoundation | Ceph | < 14.2.21 |
| Redhat | Ceph Storage | 3.0 |
| Redhat | Openshift Container Platform | 4.2 |
| Fedoraproject | Fedora | 31 |
| Canonical | Ubuntu Linux | 16.04 |
| Debian | Debian Linux | 9.0 |

Related Weaknesses (CWE)

References

FAQ

What is CVE-2020-1760?

CVE-2020-1760 is a vulnerability with a CVSS score of 5.8 (MEDIUM). A flaw was found in the Ceph Object Gateway, where it supports requests sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of...

How severe is CVE-2020-1760?

CVE-2020-1760 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2020-1760?

Check the references section above for vendor advisories and patch information. Affected products include: Linuxfoundation Ceph, Redhat Ceph Storage, Redhat Openshift Container Platform, Fedoraproject Fedora, Canonical Ubuntu Linux.