CVE-2020-1760 log
Source |
|
Severity | Medium |
Remote | Yes |
Type | Cross-site scripting |
Description | A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input. If the attacker knows the path to a publicly readable object on any RGW cluster and the object is at least large enough to cover the attack body then it is possible to run an XSS on any object. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-1195 | ceph | 14.2.8-1 | 15.2.6-1 | High | Fixed | FS#67047 |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
26 Nov 2020 | ASA-202011-22 | AVG-1195 | ceph | High | multiple issues |