CVE-2020-25678

Published: Jan 8, 2021

Modified: Feb 13, 2025

PUBLISHED

Description

A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.

Vendor	Product	Versions
n/a	ceph	affected `ceph versions prior to 16.y.z`

Weaknesses (CWE)

CWE-312

References

https://bugzilla.redhat.com/show_bug.cgi?id=1892109

x_refsource_MISC

https://tracker.ceph.com/issues/37503

x_refsource_MISC

FEDORA-2021-93ff9e9103

vendor-advisory

x_refsource_FEDORA

GLSA-202105-39

vendor-advisory

x_refsource_GENTOO

https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-25678

Description

Affected Products

Weaknesses (CWE)

References