CVE-2020-25678

Sažetak

A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=1892109
https://tracker.ceph.com/issues/37503
https://security.gentoo.org/glsa/202105-39
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQTBKVXVYP7GPQNZ5VASOIJHMLK7727M/
https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html

CVSS

Base:	2.1
Impact:	2.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

23-10-2023 - 19:15

Objavljeno

08-01-2021 - 18:15