DEBIAN-CVE-2020-1699

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2020-1699
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2020-1699.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2020-1699
Upstream
Published
2020-04-21T17:15:12.867Z
Modified
2025-11-14T03:05:43.774501Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. An unauthenticated attacker could use this flaw to cause information disclosure on the host machine running the Ceph dashboard.

References

Affected packages

Debian:11 / ceph

Package

Name
ceph
Purl
pkg:deb/debian/ceph?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
14.2.6-4

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / ceph

Package

Name
ceph
Purl
pkg:deb/debian/ceph?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
14.2.6-4

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / ceph

Package

Name
ceph
Purl
pkg:deb/debian/ceph?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
14.2.6-4

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / ceph

Package

Name
ceph
Purl
pkg:deb/debian/ceph?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
14.2.6-4

Ecosystem specific 

{
    "urgency": "not yet assigned"
}