CVE-2020-25678
N/A
N/A
Summary
A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | ceph | ceph versions prior to 16.y.z | affected |
Weaknesses
- CWE-312: CWE-312
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=1892109
- https://tracker.ceph.com/issues/37503
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQTBKVXVYP7GPQNZ5VASOIJHMLK7727M/
- https://security.gentoo.org/glsa/202105-39
- https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1892109
- https://tracker.ceph.com/issues/37503
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQTBKVXVYP7GPQNZ5VASOIJHMLK7727M/
- https://security.gentoo.org/glsa/202105-39
- https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.