CVE-2020-25677
MEDIUMceph-ansible - Cleartext Storage of Sensitive Information in iscsi-gateway.conf
Title source: llmDescription
A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. This flaw allows any user on the system to read sensitive information within this file. The highest threat from this vulnerability is to confidentiality.
References (1)
Core 1
Core References
Issue Tracking, Patch, Vendor Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1892108
Scores
CVSS v3
5.5
EPSS
0.0002
EPSS Percentile
5.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-312
Status
published
Products (3)
ceph/ceph-ansible
4.0.41
redhat/ceph_storage
3.0
redhat/ceph_storage
4.0
Published
Dec 08, 2020
Tracked Since
Feb 18, 2026