Vulnerability Details CVE-2020-12059
An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.4%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://bugzilla.suse.com/show_bug.cgi?id=1170170
- https://docs.ceph.com/docs/master/releases/mimic/
- https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html
- https://tracker.ceph.com/issues/44967
- https://usn.ubuntu.com/4528-1/
- https://bugzilla.suse.com/show_bug.cgi?id=1170170
- https://docs.ceph.com/docs/master/releases/mimic/
- https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html
- https://tracker.ceph.com/issues/44967
- https://usn.ubuntu.com/4528-1/
Products affected by CVE-2020-12059
-
cpe:2.3:a:linuxfoundation:ceph:-
-
cpe:2.3:a:linuxfoundation:ceph:12.2.0
-
cpe:2.3:a:linuxfoundation:ceph:12.2.1
-
cpe:2.3:a:linuxfoundation:ceph:12.2.10
-
cpe:2.3:a:linuxfoundation:ceph:12.2.11
-
cpe:2.3:a:linuxfoundation:ceph:12.2.12
-
cpe:2.3:a:linuxfoundation:ceph:12.2.13
-
cpe:2.3:a:linuxfoundation:ceph:12.2.2
-
cpe:2.3:a:linuxfoundation:ceph:12.2.3
-
cpe:2.3:a:linuxfoundation:ceph:12.2.4
-
cpe:2.3:a:linuxfoundation:ceph:12.2.5
-
cpe:2.3:a:linuxfoundation:ceph:12.2.6
-
cpe:2.3:a:linuxfoundation:ceph:12.2.7
-
cpe:2.3:a:linuxfoundation:ceph:12.2.8
-
cpe:2.3:a:linuxfoundation:ceph:12.2.9
-
cpe:2.3:a:linuxfoundation:ceph:13.2.0
-
cpe:2.3:a:linuxfoundation:ceph:13.2.1
-
cpe:2.3:a:linuxfoundation:ceph:13.2.2
-
cpe:2.3:a:linuxfoundation:ceph:13.2.3
-
cpe:2.3:a:linuxfoundation:ceph:13.2.4
-
cpe:2.3:a:linuxfoundation:ceph:13.2.5
-
cpe:2.3:a:linuxfoundation:ceph:13.2.6
-
cpe:2.3:a:linuxfoundation:ceph:13.2.7
-
cpe:2.3:a:linuxfoundation:ceph:13.2.8
-
cpe:2.3:a:linuxfoundation:ceph:13.2.9
-
cpe:2.3:o:canonical:ubuntu_linux:16.04
-
cpe:2.3:o:canonical:ubuntu_linux:18.04