CVE-2020-1699
HIGHCeph 14.2.5-14.2.6 and 15.0.0 - Unauthenticated Path Traversal
Title source: llmDescription
A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. An unauthenticated attacker could use this flaw to cause information disclosure on the host machine running the Ceph dashboard.
References (1)
Core 1
Core References
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1699
Scores
CVSS v3
7.5
EPSS
0.0182
EPSS Percentile
83.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
CWE-200
Status
published
Products (4)
linuxfoundation/ceph
14.2.5
linuxfoundation/ceph
14.2.6
linuxfoundation/ceph
15.0.0
redhat/ceph_storage
4.0
Published
Apr 21, 2020
Tracked Since
Feb 18, 2026