CVE-2020-1699

Summary

CVE	CVE-2020-1699
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2020-04-21 17:15:00 UTC
Updated	2023-11-07 03:19:00 UTC
Description	A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. An unauthenticated attacker could use this flaw to cause information disclosure on the host machine running the Ceph dashboard.

Risk And Classification

Problem Types: CWE-22

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Linuxfoundation	Ceph	14.2.5	All	All	All
Application	Linuxfoundation	Ceph	14.2.6	All	All	All
Application	Linuxfoundation	Ceph	15.0.0	All	All	All
Application	Linuxfoundation	Ceph	14.2.5	All	All	All
Application	Linuxfoundation	Ceph	14.2.6	All	All	All
Application	Linuxfoundation	Ceph	15.0.0	All	All	All
Application	Redhat	Ceph Storage	4.0	All	All	All
Application	Redhat	Ceph Storage	4.0	All	All	All

References

Reference	Source	Link	Tags
1792337 – (CVE-2020-1699) CVE-2020-1699 ceph: improper URL checking leads to information disclosure	CONFIRM	bugzilla.redhat.com	Issue Tracking, Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

500846 Alpine Linux Security Update for ceph
502823 Alpine Linux Security Update for ceph16