CVE-2020-25678
MEDIUM
Ceph < 16.2.0 - Cleartext Storage of Sensitive Information in Mgr Module Logs
Title source: llm
Description
A flaw was found in Ceph versions prior to 16.y.z in which Ceph stores mgr module passwords in clear text. The passwords are visible when searching the mgr logs for grafana and dashboard.
References (5)
Core References
Issue Tracking, Patch x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1892109
Patch, Vendor Advisory x_refsource_misc
https://tracker.ceph.com/issues/37503
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQTBKVXVYP7GPQNZ5VASOIJHMLK7727M/
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/202105-39
Scores
CVSS v3
4.4
EPSS
0.0002
EPSS Percentile
5.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-312
Status
published
Products (3)
fedoraproject/fedora
33
redhat/ceph
< 16.2.0
redhat/ceph_storage
4.0
Published
Jan 08, 2021
Tracked Since
Feb 18, 2026