CVE-2020-1699

HIGH

Linuxfoundation Ceph - Information Disclosure

Title source: rule

Description

A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. An unauthenticated attacker could use this flaw to cause information disclosure on the host machine running the Ceph dashboard.

References (1)

[Issue Tracking, Vendor Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1699

Scores

CVSS v3 7.5

EPSS 0.0182

EPSS Percentile 82.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-22 CWE-200

Status published

Affected Products (4)

linuxfoundation/ceph

redhat/ceph_storage

Timeline

Published Apr 21, 2020

Tracked Since Feb 18, 2026