A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.
Advisories
Source ID Title
Debian DLA Debian DLA DLA-3629-1 ceph security update
EUVD EUVD EUVD-2020-18340 A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.
Ubuntu USN Ubuntu USN USN-4998-1 Ceph vulnerabilities
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-02-13T16:27:41.662Z

Reserved: 2020-09-16T00:00:00.000Z

Link: CVE-2020-25678

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-01-08T18:15:13.293

Modified: 2024-11-21T05:18:26.617

Link: CVE-2020-25678

cve-icon Redhat

Severity : Moderate

Publid Date: 2020-11-23T00:00:00Z

Links: CVE-2020-25678 - Bugzilla

cve-icon OpenCVE Enrichment

No data.