Lucene search

[email protected]CVE-2020-1699

HistoryApr 21, 2020 - 5:15 p.m.

CVE-2020-1699

2020-04-2117:15:12

CWE-200

CWE-22

[email protected]

web.nvd.nist.gov

145

ceph

dashboard

path traversal

vulnerability

cve-2020-1699

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.1 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

62.0%

JSON

A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. An unauthenticated attacker could use this flaw to cause information disclosure on the host machine running the Ceph dashboard.

Affected configurations

Vulners

NVD

Node

cephcephRange≤14.2.7

cephcephRange≤15.1.0

VendorProductVersionCPE
cephceph*cpe:2.3:a:ceph:ceph:*:*:*:*:*:*:*:*
cephceph*cpe:2.3:a:ceph:ceph:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ceph	ceph	*	cpe:2.3:a:ceph:ceph::::::::
ceph	ceph	*	cpe:2.3:a:ceph:ceph::::::::

CNA Affected

[
  {
    "product": "ceph",
    "vendor": "The Ceph Project",
    "versions": [
      {
        "status": "affected",
        "version": "Fixed in 14.2.7"
      },
      {
        "status": "affected",
        "version": "Fixed in 15.1.0"
      }
    ]
  }
]