A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1892109 | Issue Tracking Patch |
https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQTBKVXVYP7GPQNZ5VASOIJHMLK7727M/ | |
https://security.gentoo.org/glsa/202105-39 | Third Party Advisory |
https://tracker.ceph.com/issues/37503 | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2021-01-08T17:59:34
Updated: 2021-05-26T23:06:22
Reserved: 2020-09-16T00:00:00
Link: CVE-2020-25678
JSON object: View
NVD Information
Status : Modified
Published: 2021-01-08T18:15:13.293
Modified: 2023-10-23T19:15:10.177
Link: CVE-2020-25678
JSON object: View
Redhat Information
No data.
CWE