linuxfoundation ceph CVE-2020-1699 in Linux Foundation and Red Hat Products
Published on April 21, 2020

product logo product logo
A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. An unauthenticated attacker could use this flaw to cause information disclosure on the host machine running the Ceph dashboard.

NVD

Vulnerability Analysis

CVE-2020-1699 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
NONE
Availability Impact:
NONE

Weakness Type

What is an Information Disclosure Vulnerability?

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CVE-2020-1699 has been classified to as an Information Disclosure vulnerability or weakness.


Products Associated with CVE-2020-1699

stack.watch emails you whenever new vulnerabilities are published in Linux Foundation Ceph or Red Hat Ceph Storage. Just hit a watch button to start following.

Linux Foundation Ceph
 
Red Hat Ceph Storage
 

Affected Versions

The Ceph Project ceph:

Exploit Probability

EPSS
1.82%
Percentile
82.67%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.