CVE 2020-1760
A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input.
Related bugs and status
CVE-2020-1760 (Candidate) is related to these bugs:
Bug #1867386: Beast frontend does not allow tuning of maximum backlog of pending connections
Bug #1873193: ceph 15.2.1
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1873193 | ceph 15.2.1 | ceph (Ubuntu) | High | Fix Released |
Bug #1878146: [SRU] ceph 14.2.9
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1878146 | [SRU] ceph 14.2.9 | ceph (Ubuntu) | Undecided | Invalid | ||
1878146 | [SRU] ceph 14.2.9 | ceph (Ubuntu Eoan) | Medium | Fix Released | ||
1878146 | [SRU] ceph 14.2.9 | Ubuntu Cloud Archive | Undecided | Invalid | ||
1878146 | [SRU] ceph 14.2.9 | Ubuntu Cloud Archive train | Medium | Fix Released |
See the
CVE page on Mitre.org
for more details.