Bug 1792337 (CVE-2020-1699)
| Summary: | CVE-2020-1699 ceph: improper URL checking leads to information disclosure | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | | |
| Version: | unspecified | CC: | adeza, bniver, branto, danmick, david, dbecker, fedora, gfidente, hvyas, i, jdurgin, jjoyce, josef, jschluet, kbasil, kkeithle, lhh, loic, lpeer, madam, mburns, ocs-bugs, ramkrsna, sclewis, sisharma, slinaber, sostapov, srangach, steve |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | ceph 14.2.7, ceph 15.1.0 | Doc Type: | If docs needed, set a value |
| Doc Text: | A path traversal flaw was found in the Ceph dashboard implemented in Ceph storage. An unauthenticated attacker could use this flaw to cause information disclosure on the host machine running the Ceph dashboard. | | |
| Story Points: | --- | | |
| Clone Of: | | Environment: | |
| Last Closed: | 2020-01-22 20:09:34 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 1792338 | | |
| Bug Blocks: | 1791584 | | |
Description
Dhananjay Arunesh
2020-01-17 14:26:45 UTC
Created ceph tracking bugs for this issue:

Affects: fedora-all [bug 1792338]

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-1699

Statement:

This vulnerability affects the following upstream Ceph versions: v14.2.5, v14.2.6, v15.0.0, and it has been fixed in v14.2.7 and v15.1.0. Red Hat Ceph Storage never shipped the affected versions of Ceph and is hence not affected.