CVE-2020-1699

Опубликовано: 15 янв. 2020

Источник: redhat

CVSS3: 7.5

Описание

A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. An unauthenticated attacker could use this flaw to cause information disclosure on the host machine running the Ceph dashboard.

A path traversal flaw was found in the Ceph dashboard implemented in Ceph storage. An unauthenticated attacker could use this flaw to cause information disclosure on the host machine running the Ceph dashboard.

Отчет

This vulnerability affects following Ceph versions of upstream - v14.2.5, v14.2.6, v15.0.0 and it has been fixed in v14.2.7 and v15.1.0. Red Hat Ceph Storage never shipped the affected versions of Ceph hence not affected.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Ceph Storage 2	ceph	Not affected
Red Hat Ceph Storage 3	ceph	Not affected
Red Hat Ceph Storage 4	ceph	Not affected
Red Hat Enterprise Linux 8	ceph	Not affected
Red Hat Openshift Container Storage 4	ceph	Not affected
Red Hat OpenStack Platform 13 (Queens)	ceph	Not affected
Red Hat OpenStack Platform 15 (Stein)	ceph	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-200

https://bugzilla.redhat.com/show_bug.cgi?id=1792337ceph: improper URL checking leads to information disclosure

7.5 High

CVSS3

Связанные уязвимости

CVE-2020-1699

CVSS3: 7.5

ubuntu

почти 6 лет назад

CVE-2020-1699

CVSS3: 7.5

nvd

почти 6 лет назад

CVE-2020-1699

CVSS3: 7.5

debian

почти 6 лет назад

A path traversal flaw was found in the Ceph dashboard implemented in u ...

GHSA-c7h3-g28j-x6jq

github

больше 3 лет назад

openSUSE-SU-2020:0187-1

suse-cvrf

почти 6 лет назад

Security update for ceph

7.5 High

CVSS3