CVE-2020-1760

A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input.
Configurations

Configuration 1 (hide)

cpe:2.3:a:linuxfoundation:ceph:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:ceph_storage:3.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ceph_storage:4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.2:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

Configuration 5 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

History

07 Nov 2023, 03:19

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3A2UFR5IUIEXJUCF64GQ5OVLCZGODXE/', 'name': 'FEDORA-2020-81b9c6cddc', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3A2UFR5IUIEXJUCF64GQ5OVLCZGODXE/ -

23 Oct 2023, 19:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html -

16 Sep 2021, 15:46

Type Values Removed Values Added
CPE cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2021/08/msg00013.html - Mailing List, Third Party Advisory

28 May 2021, 19:45

Type Values Removed Values Added
References (UBUNTU) https://usn.ubuntu.com/4528-1/ - (UBUNTU) https://usn.ubuntu.com/4528-1/ - Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3A2UFR5IUIEXJUCF64GQ5OVLCZGODXE/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3A2UFR5IUIEXJUCF64GQ5OVLCZGODXE/ - Mailing List, Third Party Advisory
References (GENTOO) https://security.gentoo.org/glsa/202105-39 - (GENTOO) https://security.gentoo.org/glsa/202105-39 - Third Party Advisory
CPE cpe:2.3:a:linuxfoundation:ceph:-:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:a:linuxfoundation:ceph:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

27 May 2021, 00:15

Type Values Removed Values Added
References
  • (GENTOO) https://security.gentoo.org/glsa/202105-39 -

Information

Published : 2020-04-23 15:15

Updated : 2023-12-10 13:27


NVD link : CVE-2020-1760

Mitre link : CVE-2020-1760

CVE.ORG link : CVE-2020-1760


JSON object : View

Products Affected

debian

  • debian_linux

fedoraproject

  • fedora

linuxfoundation

  • ceph

redhat

  • openshift_container_platform
  • ceph_storage

canonical

  • ubuntu_linux
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')