Unrated severity · NVD Advisory · Published Jan 8, 2021 · Updated Feb 13, 2025
CVE-2020-25678
Description
A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.
Affected products
- ceph/ceph (description)
- osv-coords (15 versions)
  - pkg:rpm/opensuse/ceph&distro=openSUSE%20Leap%2015.2 (no CPE), range: < 15.2.9.83+g4275378de0-lp152.2.12.1
  - pkg:rpm/opensuse/ceph&distro=openSUSE%20Tumbleweed (no CPE), range: < 16.2.6.463+g22e7612f9ad-1.1
  - pkg:rpm/opensuse/ceph-test&distro=openSUSE%20Leap%2015.2 (no CPE), range: < 15.2.9.83+g4275378de0-lp152.2.12.1
  - pkg:rpm/suse/ceph&distro=SUSE%20Enterprise%20Storage%206 (no CPE), range: < 14.2.20.402+g6aa76c6815-3.60.1
  - pkg:rpm/suse/ceph&distro=SUSE%20Enterprise%20Storage%207 (no CPE), range: < 15.2.9.83+g4275378de0-3.17.1
  - pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS (no CPE), range: < 14.2.20.402+g6aa76c6815-3.60.1
  - pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS (no CPE), range: < 14.2.20.402+g6aa76c6815-3.60.1
  - pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 (no CPE), range: < 15.2.9.83+g4275378de0-3.17.1
  - pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL (no CPE), range: < 14.2.20.402+g6aa76c6815-3.60.1
  - pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS (no CPE), range: < 14.2.20.402+g6aa76c6815-3.60.1
  - pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 (no CPE), range: < 14.2.20.402+g6aa76c6815-3.60.1
  - pkg:rpm/suse/ceph&distro=SUSE%20Manager%20Proxy%204.0 (no CPE), range: < 14.2.20.402+g6aa76c6815-3.60.1
  - pkg:rpm/suse/ceph&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0 (no CPE), range: < 14.2.20.402+g6aa76c6815-3.60.1
  - pkg:rpm/suse/ceph&distro=SUSE%20Manager%20Server%204.0 (no CPE), range: < 14.2.20.402+g6aa76c6815-3.60.1
  - pkg:rpm/suse/deepsea&distro=SUSE%20Enterprise%20Storage%206 (no CPE), range: < 0.9.35+git.0.5a1dc9fe-3.34.1
Patches
No patches discovered yet.
References
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQTBKVXVYP7GPQNZ5VASOIJHMLK7727M/ (mitre, vendor-advisory, x_refsource_FEDORA)
- security.gentoo.org/glsa/202105-39 (mitre, vendor-advisory, x_refsource_GENTOO)
- bugzilla.redhat.com/show_bug.cgi (mitre, x_refsource_MISC)
- tracker.ceph.com/issues/37503 (mitre, x_refsource_MISC)
- lists.debian.org/debian-lts-announce/2023/10/msg00034.html (mitre)