{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2020-12059", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-04T11:48:57.997Z", "dateReserved": "2020-04-22T00:00:00", "datePublished": "2020-04-22T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-10-23T18:06:33.325387"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://tracker.ceph.com/issues/44967"}, {"url": "https://bugzilla.suse.com/show_bug.cgi?id=1170170"}, {"url": "https://docs.ceph.com/docs/master/releases/mimic/"}, {"name": "USN-4528-1", "tags": ["vendor-advisory"], "url": "https://usn.ubuntu.com/4528-1/"}, {"name": "[debian-lts-announce] 20231023 [SECURITY] [DLA 3629-1] ceph security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:48:57.997Z"}, "title": "CVE Program Container", "references": [{"url": "https://tracker.ceph.com/issues/44967", "tags": ["x_transferred"]}, {"url": "https://bugzilla.suse.com/show_bug.cgi?id=1170170", "tags": ["x_transferred"]}, {"url": "https://docs.ceph.com/docs/master/releases/mimic/", "tags": ["x_transferred"]}, {"name": "USN-4528-1", "tags": ["vendor-advisory", "x_transferred"], "url": "https://usn.ubuntu.com/4528-1/"}, {"name": "[debian-lts-announce] 20231023 [SECURITY] [DLA 3629-1] ceph security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linuxfoundation:ceph:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0BF77FB-660B-42B7-9F0D-88FA89C4E092", "versionEndIncluding": "13.2.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Ceph versiones hasta la versi\u00f3 13.2.9. Una petici\u00f3n POST con un XML de etiquetado no valido puede bloquear el proceso RGW al desencadenar una excepci\u00f3n del puntero NULL."}], "id": "CVE-2020-12059", "lastModified": "2023-10-23T19:15:09.877", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-22T13:15:11.337", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1170170"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://docs.ceph.com/docs/master/releases/mimic/"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://tracker.ceph.com/issues/44967"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4528-1/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2021:1518", "cpe": "cpe:/a:redhat:ceph_storage:3::el7", "package": "ceph-2:12.2.12-139.el7cp", "product_name": "Red Hat Ceph Storage 3 - ELS", "release_date": "2021-05-06T00:00:00Z"}, {"advisory": "RHSA-2021:1518", "cpe": "cpe:/a:redhat:ceph_storage:3::el7", "package": "ceph-ansible-0:3.2.56-1.el7cp", "product_name": "Red Hat Ceph Storage 3 - ELS", "release_date": "2021-05-06T00:00:00Z"}, {"advisory": "RHSA-2021:1518", "cpe": "cpe:/a:redhat:ceph_storage:3::el7", "package": "cephmetrics-0:2.0.10-1.el7cp", "product_name": "Red Hat Ceph Storage 3 - ELS", "release_date": "2021-05-06T00:00:00Z"}, {"advisory": "RHSA-2021:1518", "cpe": "cpe:/a:redhat:ceph_storage:3::el7", "package": "grafana-0:5.2.4-3.el7cp", "product_name": "Red Hat Ceph Storage 3 - ELS", "release_date": "2021-05-06T00:00:00Z"}, {"advisory": "RHSA-2021:1518", "cpe": "cpe:/a:redhat:ceph_storage:3::el7", "package": "tcmu-runner-0:1.4.0-3.el7cp", "product_name": "Red Hat Ceph Storage 3 - ELS", "release_date": "2021-05-06T00:00:00Z"}], "bugzilla": {"description": "ceph: specially crafted XML payload on POST requests leads to DoS by crashing RGW", "id": "1827262", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827262"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-20", "details": ["An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception.", "A flaw was found in the Ceph Object Gateway S3 API, where it did not properly validate the POST requests. This flaw allows an attacker to perform a denial of service attack using a malicious POST request with specially crafted XML payload, leading to a crash of the RGW process."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2020-12059", "package_state": [{"cpe": "cpe:/a:redhat:ceph_storage:2", "fix_state": "Not affected", "package_name": "ceph", "product_name": "Red Hat Ceph Storage 2"}, {"cpe": "cpe:/a:redhat:ceph_storage:4", "fix_state": "Not affected", "package_name": "ceph", "product_name": "Red Hat Ceph Storage 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "ceph", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Not affected", "package_name": "ceph", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:15", "fix_state": "Not affected", "package_name": "ceph", "product_name": "Red Hat OpenStack Platform 15 (Stein)"}], "public_date": "2020-04-07T10:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-12059\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12059\nhttps://ceph.io/releases/v13-2-10-mimic-released/"], "statement": "This issue affects the versions of ceph as shipped with Red Hat Ceph Storage 3, as it does not validate the parameter when reading the tagging field from POST obj XML.\nRed Hat OpenStack Platform 13 provides only the ceph client library and is not affected by this vulnerability.", "threat_severity": "Moderate", "upstream_fix": "ceph 13.2.10"}