Advisory ID: KYLIN-2020-1760
Severity: Medium
Product: Kylin V3
Release date: April 6, 2020
CVE: CVE-2020-1760
CVSS3 score: 5.8
Overview:
Red Hat OpenStack Platform 15 (RHOSP) packages Ceph but no longer uses it, instead pulling ceph directly from the Red Hat Ceph Storage 4 repository. For this reason, RHOSP will not be updated for this flaw.
This issue affects the versions of ceph shipped with Red Hat Ceph Storage 3, 4 and Red Hat OpenShift Container Storage 4.2, because it allows unauthenticated requests sent by an anonymous user for Amazon S3.
Description:
A flaw was found in the Ceph Object Gateway: for Amazon S3, it supports unauthenticated requests (for a few operations) sent by an anonymous user. Because untrusted input is not properly neutralized, this flaw could lead to XSS attacks.
System version:
KYLIN 3.4.x
Affected packages:
ceph