CVE-2020-1760

MEDIUM

Ceph Object Gateway - XSS

Title source: llm

Description

A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input.

References (7)

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1760

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2021/08/msg00013.html

[Mailing List] https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html

[Third Party Advisory] https://security.gentoo.org/glsa/202105-39

[Third Party Advisory] https://usn.ubuntu.com/4528-1/

[Mailing List, Patch, Third Party Advisory] https://www.openwall.com/lists/oss-security/2020/04/07/1

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3A2UFR5IUIEXJUCF64GQ5OVLCZGODXE/

Scores

CVSS v3 5.8

EPSS 0.0035

EPSS Percentile 57.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L

Classification

CWE

CWE-79

Status published

Affected Products (8)

linuxfoundation/ceph < 14.2.21

redhat/ceph_storage

redhat/openshift_container_platform

fedoraproject/fedora

canonical/ubuntu_linux

debian/debian_linux

Timeline

Published Apr 23, 2020

Tracked Since Feb 18, 2026