CVE-2020-1699: Sensitive Information Exposure in Ceph Project Ceph

Severity: 7.5 HIGH (NVD)
EPSS: 1.8% (top 17.09%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 21; latest update May 24

Description

A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. An unauthenticated attacker could use this flaw to cause information disclosure on the host machine running the Ceph dashboard.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

NVD: linuxfoundation/ceph 14.2.5, 14.2.6, 15.0.0 (+2)
CVEListV5: the_ceph_project/ceph Fixed in 14.2.7, Fixed in 15.1.0 (+1)

🔴 Vulnerability Details (3)

GHSA
GHSA-c7h3-g28j-x6jq: A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14 (2022-05-24)
OSV
CVE-2020-1699: A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14 (2020-04-21)
CVEList
CVE-2020-1699: A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14 (2020-04-21)

📋 Vendor Advisories (2)

Red Hat
ceph: improper URL checking leads to information disclosure (2020-01-15)
Debian
CVE-2020-1699: ceph - A path traversal flaw was found in the Ceph dashboard implemented in upstream ve... (2020)

💬 Community (2)

Bugzilla
CVE-2020-1699 ceph: improper URL checking leads to information disclosure [fedora-all] (2020-01-17)
Bugzilla
CVE-2020-1699 ceph: improper URL checking leads to information disclosure (2020-01-17)