vulnerability
Arch Linux: Cross-site scripting (CVE-2020-1760)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Apr 23, 2020 | Jul 11, 2025 | Nov 27, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Apr 23, 2020
Added
Jul 11, 2025
Modified
Nov 27, 2025
Description
A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input. If the attacker knows the path to a publicly readable object on any RGW cluster and the object is at least large enough to cover the attack body then it is possible to run an XSS on any object.
Solution
arch-linux-upgrade-latest
References
- CVE-2020-1760
- https://attackerkb.com/topics/CVE-2020-1760
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1760
- URL-https://lists.debian.org/debian-lts-announce/2021/08/msg00013.html
- URL-https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html
- URL-https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3A2UFR5IUIEXJUCF64GQ5OVLCZGODXE/
- URL-https://security.archlinux.org/ASA-202011-22
- URL-https://security.gentoo.org/glsa/202105-39
- URL-https://usn.ubuntu.com/4528-1/
- URL-https://www.openwall.com/lists/oss-security/2020/04/07/1
- CWE-79
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.