CVE-2020-1760 MEDIUM

CVE-2020-1760

Vendor [Unknown]
Product ceph
Weakness CWE-79 · XSS
Published April 23, 2020
Last update August 4, 2024

CVSS base score

5.8/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input.

Key dates

02Disclosure timeline

April 23, 2020 CVE published
August 4, 2024 Record updated