CVE-2020-1699
moderate-risk
Published 2020-04-21
A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. An unauthenticated attacker could use this flaw to cause information disclosure on the host machine running the Ceph dashboard.
Do I need to act?
~
1.8% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10
High
NETWORK
/ LOW complexity
Affected Products (4)
Affected Vendors
References (2)
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1699
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1699
41
/ 100
moderate-risk
Severity
26/34 · High
Exploitability
5/34 · Minimal
Exposure
10/34 · Low