Multiple vulnerabilities in Red Hat Ceph Storage 4
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2020-1760 CVE-2020-10753 |
| CWE-ID | CWE-79 CWE-74 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
ceph (Red Hat package) Operating systems & Components / Operating system package or component nfs-ganesha (Red Hat package) Operating systems & Components / Operating system package or component cockpit-ceph-installer (Red Hat package) Operating systems & Components / Operating system package or component ceph-medic (Red Hat package) Operating systems & Components / Operating system package or component ceph-ansible (Red Hat package) Operating systems & Components / Operating system package or component Red Hat Ceph Storage Server applications / File servers (FTP/HTTP) |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Stored cross-site scripting
EUVDB-ID: #VU31882
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-1760
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. A remote attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
ceph (Red Hat package): before 14.2.8-81.el7cp
nfs-ganesha (Red Hat package): before 2.8.3-8.el7cp
cockpit-ceph-installer (Red Hat package): before 1.2-0.el7cp
ceph-medic (Red Hat package): before 1.0.8-1.el7cp
ceph-ansible (Red Hat package): before 4.0.25-1.el7cp
Red Hat Ceph Storage: before 4.1
CPE2.3- cpe:2.3:a:red_hat:ceph_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:nfs-ganesha_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:cockpit-ceph-installer_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:ceph-medic_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:ceph-ansible_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:red_hat_ceph_storage:*:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2020:3003
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper Neutralization of Special Elements in Output Used by a Downstream Component
EUVDB-ID: #VU48628
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-10753
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue.
MitigationInstall updates from vendor's website.
ceph (Red Hat package): before 14.2.8-81.el7cp
nfs-ganesha (Red Hat package): before 2.8.3-8.el7cp
cockpit-ceph-installer (Red Hat package): before 1.2-0.el7cp
ceph-medic (Red Hat package): before 1.0.8-1.el7cp
ceph-ansible (Red Hat package): before 4.0.25-1.el7cp
Red Hat Ceph Storage: before 4.1
CPE2.3- cpe:2.3:a:red_hat:ceph_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:nfs-ganesha_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:cockpit-ceph-installer_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:ceph-medic_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:ceph-ansible_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:red_hat_ceph_storage:*:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2020:3003
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
