Advisory ID: KYLIN-2020-1760
Severity: Medium
Product: Kylin V3
Release date: April 6, 2020
CVE: CVE-2020-1760
CVSS3 score: 5.8
Overview:
Red Hat OpenStack Platform 15 (RHOSP) packages Ceph but no longer uses it, instead pulling Ceph directly from the Red Hat Ceph Storage 4 repository. For this reason, RHOSP will not be updated for this flaw. This issue affects the versions of Ceph shipped with Red Hat Ceph Storage 3 and 4 and Red Hat OpenShift Container Storage 4.2, as it allows unauthenticated requests sent by an anonymous user for Amazon S3.
Description:
A flaw was found in the Ceph Object Gateway, which supports unauthenticated requests (for a few operations) sent by an anonymous user for Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input.
System version:
KYLIN 3.4.x
Affected packages:
ceph