Alpine: ceph: security update to 14.2.7-r0

high Tenable Cloud Security Plugin ID 403782

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6,
v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. An unauthenticated attacker
could use this flaw to cause information disclosure on the host machine running the Ceph dashboard.
(CVE-2020-1699)

- A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated
attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a
socket connection by radosgw. This flaw could lead to a denial of service condition by pile up of
CLOSE_WAIT sockets, eventually leading to the exhaustion of available resources, preventing legitimate
users from connecting to the system. (CVE-2020-1700)

See Also

https://security.alpinelinux.org/vuln/CVE-2020-1699

https://security.alpinelinux.org/vuln/CVE-2020-1700

Plugin Details

Severity: High

ID: 403782

Version: Revision 1.25

Type: Local

Published: 10/31/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.18

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2020-1699

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2/3/2020

Reference Information

CVE: CVE-2020-1699, CVE-2020-1700