Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-4528-1.NASL
HistorySep 22, 2020 - 12:00 a.m.

Ubuntu 16.04 LTS / 18.04 LTS : Ceph vulnerabilities (USN-4528-1)

2020-09-2200:00:00
Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
24

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.006 Low

EPSS

Percentile

77.7%

JSON

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4528-1 advisory.

  • A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input. (CVE-2020-1760)

  • A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue. (CVE-2020-10753)

  • An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception. (CVE-2020-12059)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-4528-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#

include('compat.inc');

if (description)
{
  script_id(140730);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/20");

  script_cve_id("CVE-2020-1760", "CVE-2020-10753", "CVE-2020-12059");
  script_xref(name:"USN", value:"4528-1");

  script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS : Ceph vulnerabilities (USN-4528-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as
referenced in the USN-4528-1 advisory.

  - A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon
    S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted
    input. (CVE-2020-1760)

  - A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related
    to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader
    tag in the CORS configuration file generates a header injection in the response when the CORS request is
    made. Ceph versions 3.x and 4.x are vulnerable to this issue. (CVE-2020-10753)

  - An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the
    RGW process by triggering a NULL pointer exception. (CVE-2020-12059)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-4528-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-1760");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2020-10753");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/09/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/09/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ceph");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ceph-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ceph-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ceph-fs-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ceph-fuse");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ceph-mds");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ceph-mgr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ceph-mon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ceph-osd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ceph-resource-agents");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ceph-test");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcephfs-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcephfs-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcephfs-jni");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcephfs1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcephfs2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:librados-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:librados2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libradosstriper-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libradosstriper1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:librbd-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:librbd1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:librgw-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:librgw2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-ceph");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-cephfs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-rados");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-rbd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-rgw");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python3-ceph-argparse");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python3-cephfs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python3-rados");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python3-rbd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python3-rgw");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:rados-objclass-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:radosgw");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:rbd-fuse");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:rbd-mirror");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:rbd-nbd");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('16.04' >< os_release || '18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '16.04', 'pkgname': 'ceph', 'pkgver': '10.2.11-0ubuntu0.16.04.3'},
    {'osver': '16.04', 'pkgname': 'ceph-common', 'pkgver': '10.2.11-0ubuntu0.16.04.3'},
    {'osver': '16.04', 'pkgname': 'ceph-fs-common', 'pkgver': '10.2.11-0ubuntu0.16.04.3'},
    {'osver': '16.04', 'pkgname': 'ceph-fuse', 'pkgver': '10.2.11-0ubuntu0.16.04.3'},
    {'osver': '16.04', 'pkgname': 'ceph-mds', 'pkgver': '10.2.11-0ubuntu0.16.04.3'},
    {'osver': '16.04', 'pkgname': 'ceph-resource-agents', 'pkgver': '10.2.11-0ubuntu0.16.04.3'},
    {'osver': '16.04', 'pkgname': 'ceph-test', 'pkgver': '10.2.11-0ubuntu0.16.04.3'},
    {'osver': '16.04', 'pkgname': 'libcephfs-dev', 'pkgver': '10.2.11-0ubuntu0.16.04.3'},
    {'osver': '16.04', 'pkgname': 'libcephfs-java', 'pkgver': '10.2.11-0ubuntu0.16.04.3'},
    {'osver': '16.04', 'pkgname': 'libcephfs-jni', 'pkgver': '10.2.11-0ubuntu0.16.04.3'},
    {'osver': '16.04', 'pkgname': 'libcephfs1', 'pkgver': '10.2.11-0ubuntu0.16.04.3'},
    {'osver': '16.04', 'pkgname': 'librados-dev', 'pkgver': '10.2.11-0ubuntu0.16.04.3'},
    {'osver': '16.04', 'pkgname': 'librados2', 'pkgver': '10.2.11-0ubuntu0.16.04.3'},
    {'osver': '16.04', 'pkgname': 'libradosstriper-dev', 'pkgver': '10.2.11-0ubuntu0.16.04.3'},
    {'osver': '16.04', 'pkgname': 'libradosstriper1', 'pkgver': '10.2.11-0ubuntu0.16.04.3'},
    {'osver': '16.04', 'pkgname': 'librbd-dev', 'pkgver': '10.2.11-0ubuntu0.16.04.3'},
    {'osver': '16.04', 'pkgname': 'librbd1', 'pkgver': '10.2.11-0ubuntu0.16.04.3'},
    {'osver': '16.04', 'pkgname': 'librgw-dev', 'pkgver': '10.2.11-0ubuntu0.16.04.3'},
    {'osver': '16.04', 'pkgname': 'librgw2', 'pkgver': '10.2.11-0ubuntu0.16.04.3'},
    {'osver': '16.04', 'pkgname': 'python-ceph', 'pkgver': '10.2.11-0ubuntu0.16.04.3'},
    {'osver': '16.04', 'pkgname': 'python-cephfs', 'pkgver': '10.2.11-0ubuntu0.16.04.3'},
    {'osver': '16.04', 'pkgname': 'python-rados', 'pkgver': '10.2.11-0ubuntu0.16.04.3'},
    {'osver': '16.04', 'pkgname': 'python-rbd', 'pkgver': '10.2.11-0ubuntu0.16.04.3'},
    {'osver': '16.04', 'pkgname': 'radosgw', 'pkgver': '10.2.11-0ubuntu0.16.04.3'},
    {'osver': '16.04', 'pkgname': 'rbd-fuse', 'pkgver': '10.2.11-0ubuntu0.16.04.3'},
    {'osver': '16.04', 'pkgname': 'rbd-mirror', 'pkgver': '10.2.11-0ubuntu0.16.04.3'},
    {'osver': '16.04', 'pkgname': 'rbd-nbd', 'pkgver': '10.2.11-0ubuntu0.16.04.3'},
    {'osver': '18.04', 'pkgname': 'ceph', 'pkgver': '12.2.13-0ubuntu0.18.04.4'},
    {'osver': '18.04', 'pkgname': 'ceph-base', 'pkgver': '12.2.13-0ubuntu0.18.04.4'},
    {'osver': '18.04', 'pkgname': 'ceph-common', 'pkgver': '12.2.13-0ubuntu0.18.04.4'},
    {'osver': '18.04', 'pkgname': 'ceph-fuse', 'pkgver': '12.2.13-0ubuntu0.18.04.4'},
    {'osver': '18.04', 'pkgname': 'ceph-mds', 'pkgver': '12.2.13-0ubuntu0.18.04.4'},
    {'osver': '18.04', 'pkgname': 'ceph-mgr', 'pkgver': '12.2.13-0ubuntu0.18.04.4'},
    {'osver': '18.04', 'pkgname': 'ceph-mon', 'pkgver': '12.2.13-0ubuntu0.18.04.4'},
    {'osver': '18.04', 'pkgname': 'ceph-osd', 'pkgver': '12.2.13-0ubuntu0.18.04.4'},
    {'osver': '18.04', 'pkgname': 'ceph-resource-agents', 'pkgver': '12.2.13-0ubuntu0.18.04.4'},
    {'osver': '18.04', 'pkgname': 'ceph-test', 'pkgver': '12.2.13-0ubuntu0.18.04.4'},
    {'osver': '18.04', 'pkgname': 'libcephfs-dev', 'pkgver': '12.2.13-0ubuntu0.18.04.4'},
    {'osver': '18.04', 'pkgname': 'libcephfs-java', 'pkgver': '12.2.13-0ubuntu0.18.04.4'},
    {'osver': '18.04', 'pkgname': 'libcephfs-jni', 'pkgver': '12.2.13-0ubuntu0.18.04.4'},
    {'osver': '18.04', 'pkgname': 'libcephfs2', 'pkgver': '12.2.13-0ubuntu0.18.04.4'},
    {'osver': '18.04', 'pkgname': 'librados-dev', 'pkgver': '12.2.13-0ubuntu0.18.04.4'},
    {'osver': '18.04', 'pkgname': 'librados2', 'pkgver': '12.2.13-0ubuntu0.18.04.4'},
    {'osver': '18.04', 'pkgname': 'libradosstriper-dev', 'pkgver': '12.2.13-0ubuntu0.18.04.4'},
    {'osver': '18.04', 'pkgname': 'libradosstriper1', 'pkgver': '12.2.13-0ubuntu0.18.04.4'},
    {'osver': '18.04', 'pkgname': 'librbd-dev', 'pkgver': '12.2.13-0ubuntu0.18.04.4'},
    {'osver': '18.04', 'pkgname': 'librbd1', 'pkgver': '12.2.13-0ubuntu0.18.04.4'},
    {'osver': '18.04', 'pkgname': 'librgw-dev', 'pkgver': '12.2.13-0ubuntu0.18.04.4'},
    {'osver': '18.04', 'pkgname': 'librgw2', 'pkgver': '12.2.13-0ubuntu0.18.04.4'},
    {'osver': '18.04', 'pkgname': 'python-ceph', 'pkgver': '12.2.13-0ubuntu0.18.04.4'},
    {'osver': '18.04', 'pkgname': 'python-cephfs', 'pkgver': '12.2.13-0ubuntu0.18.04.4'},
    {'osver': '18.04', 'pkgname': 'python-rados', 'pkgver': '12.2.13-0ubuntu0.18.04.4'},
    {'osver': '18.04', 'pkgname': 'python-rbd', 'pkgver': '12.2.13-0ubuntu0.18.04.4'},
    {'osver': '18.04', 'pkgname': 'python-rgw', 'pkgver': '12.2.13-0ubuntu0.18.04.4'},
    {'osver': '18.04', 'pkgname': 'python3-ceph-argparse', 'pkgver': '12.2.13-0ubuntu0.18.04.4'},
    {'osver': '18.04', 'pkgname': 'python3-cephfs', 'pkgver': '12.2.13-0ubuntu0.18.04.4'},
    {'osver': '18.04', 'pkgname': 'python3-rados', 'pkgver': '12.2.13-0ubuntu0.18.04.4'},
    {'osver': '18.04', 'pkgname': 'python3-rbd', 'pkgver': '12.2.13-0ubuntu0.18.04.4'},
    {'osver': '18.04', 'pkgname': 'python3-rgw', 'pkgver': '12.2.13-0ubuntu0.18.04.4'},
    {'osver': '18.04', 'pkgname': 'rados-objclass-dev', 'pkgver': '12.2.13-0ubuntu0.18.04.4'},
    {'osver': '18.04', 'pkgname': 'radosgw', 'pkgver': '12.2.13-0ubuntu0.18.04.4'},
    {'osver': '18.04', 'pkgname': 'rbd-fuse', 'pkgver': '12.2.13-0ubuntu0.18.04.4'},
    {'osver': '18.04', 'pkgname': 'rbd-mirror', 'pkgver': '12.2.13-0ubuntu0.18.04.4'},
    {'osver': '18.04', 'pkgname': 'rbd-nbd', 'pkgver': '12.2.13-0ubuntu0.18.04.4'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ceph / ceph-base / ceph-common / ceph-fs-common / ceph-fuse / etc');
}
VendorProductVersionCPE
canonicalubuntu_linux16.04cpe:/o:canonical:ubuntu_linux:16.04:-:lts
canonicalubuntu_linux18.04cpe:/o:canonical:ubuntu_linux:18.04:-:lts
canonicalubuntu_linuxcephp-cpe:/a:canonical:ubuntu_linux:ceph
canonicalubuntu_linuxceph-basep-cpe:/a:canonical:ubuntu_linux:ceph-base
canonicalubuntu_linuxceph-commonp-cpe:/a:canonical:ubuntu_linux:ceph-common
canonicalubuntu_linuxceph-fs-commonp-cpe:/a:canonical:ubuntu_linux:ceph-fs-common
canonicalubuntu_linuxceph-fusep-cpe:/a:canonical:ubuntu_linux:ceph-fuse
canonicalubuntu_linuxceph-mdsp-cpe:/a:canonical:ubuntu_linux:ceph-mds
canonicalubuntu_linuxceph-mgrp-cpe:/a:canonical:ubuntu_linux:ceph-mgr
canonicalubuntu_linuxceph-monp-cpe:/a:canonical:ubuntu_linux:ceph-mon
Rows per page:
1-10 of 411

Related

osv 9
ubuntu 2
openvas 24
nessus 33
redhat 4
photon 2
veracode 4
cvelist 4
ubuntucve 4
redhatcve 3
cve 4
prion 4
debiancve 4
nvd 4
freebsd 2
debian 3
fedora 2
archlinux 2
alpinelinux 3
suse 2
gentoo 1
osv
osv
ceph vulnerabilities
2020-09-22 11:17:52
CVE-2020-12059
2020-04-22 13:15:11
CVE-2020-10753
2020-06-26 15:15:11
ubuntu
ubuntu
Ceph vulnerabilities
2020-09-22 00:00:00
Ceph vulnerabilities
2021-01-28 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4528-1)
2020-09-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:1158-1)
2021-04-19 00:00:00
Huawei EulerOS: Security Advisory for ceph (EulerOS-SA-2020-1839)
2020-08-31 00:00:00
nessus
nessus
RHEL 7 / 8 : Red Hat Ceph Storage 4.1 (RHSA-2020:3003)
2020-07-20 00:00:00
Photon OS 2.0: Ceph PHSA-2020-2.0-0240
2020-05-13 00:00:00
EulerOS 2.0 SP8 : ceph (EulerOS-SA-2020-1839)
2020-08-28 00:00:00
redhat
redhat
(RHSA-2020:3003) Moderate: Red Hat Ceph Storage 4.1 security and bug fix update
2020-07-20 13:52:21
(RHSA-2020:3504) Moderate: Red Hat Ceph Storage 3.3 security and bug fix update
2020-08-18 17:48:36
(RHSA-2020:3505) Moderate: Red Hat Ceph Storage 3.3 Security update
2020-08-18 17:48:48
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0240
2020-05-08 00:00:00
Important Photon OS Security Update - PHSA-2020-0240
2020-05-08 00:00:00
veracode
veracode
Denial Of Service (DoS)
2021-05-07 11:57:37
HTTP Header Injection
2020-07-21 04:06:57
Cross-Site Scripting (XSS)
2020-07-21 04:11:58
cvelist
cvelist
CVE-2020-12059
2020-04-22 00:00:00
CVE-2020-10753
2020-06-26 00:00:00
CVE-2020-1760
2020-04-23 00:00:00
ubuntucve
ubuntucve
CVE-2020-12059
2020-04-22 00:00:00
CVE-2020-10753
2020-06-26 00:00:00
CVE-2020-1760
2020-04-23 00:00:00
redhatcve
redhatcve
CVE-2020-12059
2020-04-23 14:03:54
CVE-2020-10753
2020-06-25 19:22:59
CVE-2020-1760
2020-04-07 07:05:37
cve
cve
CVE-2020-12059
2020-04-22 13:15:11
CVE-2020-10753
2020-06-26 15:15:11
CVE-2020-1760
2020-04-23 15:15:14
prion
prion
Null pointer dereference
2020-04-22 13:15:00
Design/Logic Flaw
2020-06-26 15:15:00
Input validation
2020-04-23 15:15:00
debiancve
debiancve
CVE-2020-12059
2020-04-22 13:15:11
CVE-2020-10753
2020-06-26 15:15:11
CVE-2020-1760
2020-04-23 15:15:14
nvd
nvd
CVE-2020-12059
2020-04-22 13:15:11
CVE-2020-10753
2020-06-26 15:15:11
CVE-2020-1760
2020-04-23 15:15:14
freebsd
freebsd
ceph14 -- HTTP header injection via CORS ExposeHeader tag
2020-05-27 00:00:00
ceph14 -- multiple security issues
2020-04-07 00:00:00
debian
debian
[SECURITY] [DLA 2735-1] ceph security update
2021-08-10 22:05:10
[SECURITY] [DLA 2171-1] ceph security update
2020-04-09 11:29:20
[SECURITY] [DLA 3629-1] ceph security update
2023-10-23 16:59:44
fedora
fedora
[SECURITY] Fedora 32 Update: ceph-14.2.10-1.fc32
2020-07-06 01:02:55
[SECURITY] Fedora 31 Update: ceph-14.2.9-1.fc31
2020-05-07 04:21:05
archlinux
archlinux
[ASA-202011-22] ceph: multiple issues
2020-11-26 00:00:00
[ASA-202105-3] ceph: multiple issues
2021-05-19 00:00:00
alpinelinux
alpinelinux
CVE-2020-10753
2020-06-26 15:15:11
CVE-2020-1760
2020-04-23 15:15:14
CVE-2021-3524
2021-05-17 17:15:08
suse
suse
Security update for ceph (important)
2020-06-29 00:00:00
Security update for ceph (important)
2020-04-10 00:00:00
gentoo
gentoo
Ceph: Multiple vulnerabilities
2021-05-26 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.006 Low

EPSS

Percentile

77.7%

JSON
Related for UBUNTU_USN-4528-1.NASL
osv9ubuntu2openvas24nessus33redhat4photon2veracode4cvelist4ubuntucve4redhatcve3cve4prion4debiancve4nvd4freebsd2debian3fedora2archlinux2alpinelinux3suse2gentoo1