CVE-2020-1760

CVSS 5.8 MEDIUMEPSS 1.5%CWE-79

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5.8EPSS 1.5%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

23 Apr 2020Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input.

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L

Affected products

[UNKNOWN] · ceph

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1760 https://lists.debian.org/debian-lts-announce/2021/08/msg00013.html https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3A2UFR5IUIEXJUCF64GQ5OVLCZGODXE/https://security.gentoo.org/glsa/202105-39 https://usn.ubuntu.com/4528-1/https://www.openwall.com/lists/oss-security/2020/04/07/1