CVE-2020-25678
First published: Tue Oct 27 2020(Updated: )
A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/ceph | <2:14.2.11-147.el7c | 2:14.2.11-147.el7c |
| redhat/ceph-ansible | <0:4.0.49.2-1.el8c | 0:4.0.49.2-1.el8c |
| redhat/gperftools | <0:2.6.3-3.el8c | 0:2.6.3-3.el8c |
| redhat/tcmu-runner | <0:1.5.2-2.el7c | 0:1.5.2-2.el7c |
| Redhat Ceph | <16.2.0 | |
| Redhat Ceph Storage | =4.0 | |
| Fedoraproject Fedora | =33 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1892109
- https://tracker.ceph.com/issues/37503
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQTBKVXVYP7GPQNZ5VASOIJHMLK7727M/
- https://security.gentoo.org/glsa/202105-39
- https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1900681
- https://access.redhat.com/errata/RHSA-2021:1452
- https://access.redhat.com/security/cve/cve-2020-25678
- https://www.cve.org/CVERecord?id=CVE-2020-25678 https://nvd.nist.gov/vuln/detail/CVE-2020-25678 https://tracker.ceph.com/issues/37503
Frequently Asked Questions
What is the vulnerability ID for this flaw in Ceph?
The vulnerability ID for this flaw in Ceph is CVE-2020-25678.
What is the impact of CVE-2020-25678?
The highest threat from this vulnerability is to confidentiality.
How can I identify if my Ceph installation is affected by CVE-2020-25678?
You can identify if your Ceph installation is affected by searching the mgr logs for Grafana and dashboard, with passwords visible.
What is the severity level of CVE-2020-25678?
The severity level of CVE-2020-25678 is medium.
Where can I find more information about CVE-2020-25678?
You can find more information about CVE-2020-25678 at the following references: [link 1](https://tracker.ceph.com/issues/37503), [link 2](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1900681), [link 3](https://access.redhat.com/errata/RHSA-2021:1452).
- collector/redhat-cve
- collector/mitre-cve
- agent/author
- agent/type
- agent/remedy
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-25678
- agent/references
- agent/severity
- agent/weakness
- agent/tags
- agent/description
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- package-manager/redhat
- vendor/redhat
- canonical/redhat ceph
- canonical/redhat ceph storage
- version/redhat ceph storage/4.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/33