PT-2021-11167 · Ceph+5 · Ceph+5

Sage Mctaggart

Published

2021-01-08

Updated

2024-06-15

CVE-2020-25678

CVSS v3.1

4.4

Medium

Vector

AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: ceph versions prior to 16.y.z

Description: A flaw was found in ceph where it stores mgr module passwords in clear text. This issue can be identified by searching the mgr logs for grafana and dashboard, with passwords visible. The highest threat from this issue is to confidentiality.

Recommendations: For versions prior to 16.y.z, consider restricting access to the mgr logs to minimize the risk of password exposure until a patch is available. As a temporary workaround, avoid using the mgr module for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Cleartext Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-312

Related Identifiers

ALT-PU-2021-3111

ALT-PU-2022-2350

CVE-2020-25678

DLA-3629-1

MGASA-2021-0126

OESA-2021-1100

OPENSUSE-SU-2021:0544-1

OPENSUSE-SU-2021_0544-1

OPENSUSE-SU-2024:11652-1

RHSA-2021:1452

SUSE-SU-2021:1108-1

SUSE-SU-2021:1472-1

SUSE-SU-2021:1473-1

SUSE-SU-2021_1108-1

SUSE-SU-2021_1473-1

USN-4998-1

Affected Products

Alt Linux

Astra Linux

Linuxmint

Suse

Ubuntu

Ceph

PT-2021-11167 · Ceph+5 · Ceph+5

CVE-2020-25678

Weakness Enumeration

Related Identifiers

Affected Products

References · 77