PT-2020-16157 · Ceph · Ceph-Ansible

Sage Mctaggart

Published

2020-12-08

Updated

2021-03-04

CVE-2020-25677

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Ceph-ansible versions 4.0.34.1 through 4.0.41

Description A flaw in Ceph-ansible allows any user on the system to read sensitive information within the /etc/ceph/iscsi-gateway.conf file due to insecure default permissions. The highest threat from this issue is to confidentiality.

Recommendations For versions 4.0.34.1 through 4.0.41, consider changing the permissions of the /etc/ceph/iscsi-gateway.conf file to restrict access to sensitive information until a patch is available. As a temporary workaround, restrict access to the iscsi-gateway.conf file to minimize the risk of exploitation.

Fix

Cleartext Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-312

Related Identifiers

CVE-2020-25677

RHSA-2021:0081

Affected Products

Ceph-Ansible

PT-2020-16157 · Ceph · Ceph-Ansible

CVE-2020-25677

Weakness Enumeration

Related Identifiers

Affected Products

References · 5