CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2020-1760 – ceph: header-splitting in RGW GetObject has a possible XSS
https://notcve.org/view.php?id=CVE-2020-1760
A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input. Se encontró un fallo en Ceph Object Gateway, donde admite peticiones enviadas por un usuario anónimo en Amazon S3. Este fallo podría conllevar a posibles ataques de tipo XSS debido a una falta de neutralización apropiada de una entrada no segura. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1760 https://lists.debian.org/debian-lts-announce/2021/08/msg00013.html https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3A2UFR5IUIEXJUCF64GQ5OVLCZGODXE https://security.gentoo.org/glsa/202105-39 https://usn.ubuntu.com/4528-1 https://www.openwall.com/lists/oss-security/2020/04/07/1 https://access.redhat.com/security/cve/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10712 – openshift/cluster-image-registry-operator: secrets disclosed in logs
https://notcve.org/view.php?id=CVE-2020-10712
A flaw was found in OpenShift Container Platform version 4.1 and later. Sensitive information was found to be logged by the image registry operator allowing an attacker able to gain access to those logs, to read and write to the storage backing the internal image registry. The highest threat from this vulnerability is to data integrity. Se encontró un fallo en OpenShift Container Platform versiones 4.1 y posteriores. Una información confidencial fue encontrada para ser registrada por el operador del registro de imagen permitiendo a un atacante conseguir acceso a esos registros, leer y escribir en el almacenamiento que respalda el registro de imágenes interno. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10712 https://access.redhat.com/security/cve/CVE-2020-10712 https://bugzilla.redhat.com/show_bug.cgi?id=1825161 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 8.1EPSS: 0%CPEs: 12EXPL: 0CVE-2020-1757 – undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass
https://notcve.org/view.php?id=CVE-2020-1757
A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass. Se encontró un fallo en todas las versiones undertow-2.x.x SP1 anteriores a undertow-2.0.30.SP1, en todas las versiones undertow-1.x.x y versiones undertow-2.x.x anteriores a undertow-2.1.0.Final, donde el contenedor de servlets causa que servletPath se normalice incorrectamente al truncar la ruta después del punto y coma, lo que puede conllevar a un mapeo de la aplicación resultando en la omisión de la seguridad. A flaw was found in Undertow, where the servlet container causes the servletPath to normalize incorrectly by truncating the path after the semicolon. The flaw may lead to application mapping, resulting in a security bypass. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1757 https://access.redhat.com/security/cve/CVE-2020-1757 https://bugzilla.redhat.com/show_bug.cgi?id=1752770 • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-1759
https://notcve.org/view.php?id=CVE-2020-1759
A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks. Se detectó una vulnerabilidad en Red Hat Ceph Storage versión 4 y Red Hat Openshift Container Storage versión 4.2 donde, se detectó una vulnerabilidad de reutilización de nonce en el modo seguro del protocolo de messenger v2, que puede permitir a un atacante falsificar etiquetas de autenticación y potencialmente manipular los datos al aprovechar la reutilización de un nonce en una sesión. Los mensajes cifrados usando un valor nonce reutilizado, son susceptibles de serios ataques de confidencialidad e integridad. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1759 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3A2UFR5IUIEXJUCF64GQ5OVLCZGODXE https://security.gentoo.org/glsa/202105-39 • CWE-323: Reusing a Nonce, Key Pair in Encryption CWE-330: Use of Insufficiently Random Values •
CVSS: 8.8EPSS: 2%CPEs: 9EXPL: 0CVE-2020-11100 – haproxy: malformed HTTP/2 requests can lead to out-of-bounds writes
https://notcve.org/view.php?id=CVE-2020-11100
In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution. En la función hpack_dht_insert en el archivo hpack-tbl.c en el decodificador HPACK en HAProxy versiones 1.8 hasta 2.x anteriores a 2.1.4, un atacante remoto puede escribir bytes arbitrarios alrededor de una determinada ubicación en la pila (heap) por medio de una petición HTTP/2 diseñada, causando posiblemente una ejecución de código remoto. A flaw was found in the way HAProxy processed certain HTTP/2 request packets. This flaw allows an attacker to send crafted HTTP/2 request packets, which cause memory corruption, leading to a crash or potential remote arbitrary code execution with the permissions of the user running HAProxy. The haproxy hpack implementation in hpack-tbl.c handles 0-length HTTP headers incorrectly. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00002.html http://packetstormsecurity.com/files/157323/haproxy-hpack-tbl.c-Out-Of-Bounds-Write.html http://www.haproxy.org https://bugzilla.redhat.com/show_bug.cgi?id=1819111 https://bugzilla.suse.com/show_bug.cgi?id=1168023 https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=5dfc5d5cd0d2128d77253ead3acf03a421ab5b88 https://lists.debian.org/debian-security-announce/2020/msg00052.html https://lists.fedoraproject.org/archives/list/packag • CWE-787: Out-of-bounds Write •