Vulnerability CVE-2020-25678


Published: 2021-01-08

Description:
A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.

Type: CWE-312 (Cleartext Storage of Sensitive Information)

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:N/A:N)

CVSS Base Score: 4/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8/10

Exploit range: Remote
Attack complexity: Low
Authentication: Single time

Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Affected software
Redhat -> CEPH 
Redhat -> Ceph storage 

 References:
https://bugzilla.redhat.com/show_bug.cgi?id=1892109
https://tracker.ceph.com/issues/37503

Copyright 2024, cxsecurity.com

 
