A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1760 | Issue Tracking Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2021/08/msg00013.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3A2UFR5IUIEXJUCF64GQ5OVLCZGODXE/ | |
https://security.gentoo.org/glsa/202105-39 | Third Party Advisory |
https://usn.ubuntu.com/4528-1/ | Third Party Advisory |
https://www.openwall.com/lists/oss-security/2020/04/07/1 | Mailing List Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
History
07 Nov 2023, 03:19
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
23 Oct 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Sep 2021, 15:46
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* | |
References |
|
28 May 2021, 19:45
Type | Values Removed | Values Added |
---|---|---|
References | (UBUNTU) https://usn.ubuntu.com/4528-1/ - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3A2UFR5IUIEXJUCF64GQ5OVLCZGODXE/ - Mailing List, Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/202105-39 - Third Party Advisory | |
CPE | cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:a:linuxfoundation:ceph:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* |
27 May 2021, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-04-23 15:15
Updated : 2023-12-10 13:27
NVD link : CVE-2020-1760
Mitre link : CVE-2020-1760
CVE.ORG link : CVE-2020-1760
JSON object : View
Products Affected
debian
- debian_linux
fedoraproject
- fedora
linuxfoundation
- ceph
redhat
- openshift_container_platform
- ceph_storage
canonical
- ubuntu_linux
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')