Vulnerability Description
A flaw was found in Ceph in versions prior to 16.y.z, where Ceph stores mgr module passwords in clear text. The passwords are visible when searching the mgr logs for grafana and dashboard.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Ceph | < 16.2.0 |
| Redhat | Ceph Storage | 4.0 |
| Fedoraproject | Fedora | 33 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1892109 (Issue Tracking, Patch)
- https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://security.gentoo.org/glsa/202105-39 (Third Party Advisory)
- https://tracker.ceph.com/issues/37503 (Patch, Vendor Advisory)
FAQ
What is CVE-2020-25678?
CVE-2020-25678 is a vulnerability with a CVSS score of 4.4 (MEDIUM). A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible...
How severe is CVE-2020-25678?
CVE-2020-25678 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-25678?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Ceph, Redhat Ceph Storage, Fedoraproject Fedora.