What is CVE-2020-1699?

CVE-2020-1699 is a high-severity vulnerability in Linuxfoundation Ceph, classified under Information Disclosure. CVSS score: 7.5/10. Published 2020-04-21.

How severe is CVE-2020-1699?

High severity. CVSS v3 base score is 7.5 out of 10.

Path Traversal in Linuxfoundation Ceph

CVE-2020-1699

A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. An unauthenticated attacker could use this flaw to cause inf…

Vulnerability class: Information Disclosure

EPSS: 0.021 (79.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Linuxfoundation Ceph — versions 14.2.5, 14.2.6, 15.0.0
The Ceph Project — versions Fixed in 14.2.7, Fixed in 15.1.0
Redhat Ceph_storage — versions 4.0

Weakness classification (CWE)

References

secalert@redhat.com (x_refsource_CONFIRM, Issue Tracking, Vendor Advisory)

Frequently asked questions

What is CVE-2020-1699?: CVE-2020-1699 is a high-severity vulnerability in Linuxfoundation Ceph, classified under Information Disclosure. CVSS score: 7.5/10. Published 2020-04-21.
How severe is CVE-2020-1699?: High severity. CVSS v3 base score is 7.5 out of 10.