A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1892109 | Issue Tracking Patch |
https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQTBKVXVYP7GPQNZ5VASOIJHMLK7727M/ | |
https://security.gentoo.org/glsa/202105-39 | Third Party Advisory |
https://tracker.ceph.com/issues/37503 | Patch Vendor Advisory |
Configurations
History
23 Oct 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
CWE |
12 Feb 2023, 23:40
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-312 | |
References |
|
|
Summary | A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible. |
02 Feb 2023, 16:19
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | A flaw was found in Ceph where Ceph stores mgr module passwords in clear text. This issue can be found by searching the mgr logs for Grafana and dashboard, with passwords visible. The highest threat from this vulnerability is to confidentiality. | |
CWE |
28 May 2021, 19:42
Type | Values Removed | Values Added |
---|---|---|
References | (GENTOO) https://security.gentoo.org/glsa/202105-39 - Third Party Advisory |
27 May 2021, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Apr 2021, 19:51
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 4.4 |
25 Mar 2021, 20:47
Type | Values Removed | Values Added |
---|---|---|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQTBKVXVYP7GPQNZ5VASOIJHMLK7727M/ - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* |
05 Mar 2021, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Jan 2021, 17:19
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 4.9 |
CPE | cpe:2.3:a:redhat:ceph:*:*:*:*:*:*:*:* cpe:2.3:a:redhat:ceph_storage:4.0:*:*:*:*:*:*:* |
|
References | (MISC) https://tracker.ceph.com/issues/37503 - Patch, Vendor Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1892109 - Issue Tracking, Patch |
08 Jan 2021, 18:42
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-01-08 18:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-25678
Mitre link : CVE-2020-25678
CVE.ORG link : CVE-2020-25678
JSON object : View
Products Affected
redhat
- ceph
- ceph_storage
fedoraproject
- fedora
CWE
CWE-312
Cleartext Storage of Sensitive Information