CVE-2020-1760

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-1760
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-1760.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-1760
Aliases
Downstream
Related
Published
2020-04-23T15:15:14.607Z
Modified
2026-05-18T05:50:57.739516979Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input.

Database specific 
{
    "unresolved_ranges": [
        {
            "cpes": [
                "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
                "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "16.04"
                },
                {
                    "last_affected": "18.04"
                }
            ],
            "source": "CPE_FIELD",
            "vendor_product": "canonical:ubuntu_linux"
        },
        {
            "cpes": [
                "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "9.0"
                }
            ],
            "source": "CPE_FIELD",
            "vendor_product": "debian:debian_linux"
        },
        {
            "cpes": [
                "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "31"
                }
            ],
            "source": "CPE_FIELD",
            "vendor_product": "fedoraproject:fedora"
        },
        {
            "cpes": [
                "cpe:2.3:a:redhat:ceph_storage:3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:redhat:ceph_storage:4.0:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "3.0"
                },
                {
                    "last_affected": "4.0"
                }
            ],
            "source": "CPE_FIELD",
            "vendor_product": "redhat:ceph_storage"
        },
        {
            "cpes": [
                "cpe:2.3:a:redhat:openshift_container_platform:4.2:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "4.2"
                }
            ],
            "source": "CPE_FIELD",
            "vendor_product": "redhat:openshift_container_platform"
        }
    ]
}
References

Affected packages

Git / github.com/ceph/ceph

Affected ranges

Type
GIT
Repo
https://github.com/ceph/ceph
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
5ef401921d7a88aea18ec7558f7f9374ebd8f5a6
Database specific 
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "14.2.21"
        }
    ],
    "source": "CPE_FIELD",
    "cpe": "cpe:2.3:a:linuxfoundation:ceph:*:*:*:*:*:*:*:*"
}

Affected versions

v0.*
v0.1
v0.18
v0.19
v0.2
v0.4
v0.5
v0.6
v0.7.1
v0.7.2
v0.7.3
v0.9
v11.*
v11.0.0
v13.*
v13.0.0
v14.*
v14.0.0
v14.2.0
v14.2.1
v14.2.10
v14.2.11
v14.2.12
v14.2.13
v14.2.14
v14.2.15
v14.2.16
v14.2.17
v14.2.18
v14.2.19
v14.2.2
v14.2.20
v14.2.3
v14.2.5
v14.2.6
v14.2.7
v14.2.8

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-1760.json"