CVE-2020-1699
CVSS 3.1: 7.5 (HIGH)
EPSS: 1.9%
Description
A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. An unauthenticated attacker could use this flaw to cause information disclosure on the host machine running the Ceph dashboard.
How to fix CVE-2020-1699
To remediate CVE-2020-1699, upgrade the affected package to a fixed version below.
- Bitnami/ceph—no fix listed
- —upgrade to 14.2.6-4 or later
Is CVE-2020-1699 being exploited?
Low — EPSS is 1.9%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- >= 14.2.5, <= 14.2.5, >= 14.2.6, <= 14.2.6, >= 15.0.0, <= 15.0.0
- from 0, < 14.2.6-4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |