CVE-2020-1760

A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input.
Configurations

Configuration 1 (hide)

cpe:2.3:a:linuxfoundation:ceph:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:ceph_storage:3.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ceph_storage:4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.2:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

Configuration 5 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

History

07 Nov 2023, 03:19

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3A2UFR5IUIEXJUCF64GQ5OVLCZGODXE/', 'name': 'FEDORA-2020-81b9c6cddc', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3A2UFR5IUIEXJUCF64GQ5OVLCZGODXE/ -

23 Oct 2023, 19:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html -

Information

Published : 2020-04-23 15:15

Updated : 2024-02-28 17:47


NVD link : CVE-2020-1760

Mitre link : CVE-2020-1760

CVE.ORG link : CVE-2020-1760


JSON object : View

Products Affected

canonical

  • ubuntu_linux

redhat

  • ceph_storage
  • openshift_container_platform

linuxfoundation

  • ceph

debian

  • debian_linux

fedoraproject

  • fedora
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')