A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1760 | Issue Tracking Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2021/08/msg00013.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3A2UFR5IUIEXJUCF64GQ5OVLCZGODXE/ | |
https://security.gentoo.org/glsa/202105-39 | Third Party Advisory |
https://usn.ubuntu.com/4528-1/ | Third Party Advisory |
https://www.openwall.com/lists/oss-security/2020/04/07/1 | Mailing List Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
History
07 Nov 2023, 03:19
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
23 Oct 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-04-23 15:15
Updated : 2024-02-28 17:47
NVD link : CVE-2020-1760
Mitre link : CVE-2020-1760
CVE.ORG link : CVE-2020-1760
JSON object : View
Products Affected
canonical
- ubuntu_linux
redhat
- ceph_storage
- openshift_container_platform
linuxfoundation
- ceph
debian
- debian_linux
fedoraproject
- fedora
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')