CVE-2020-25678

{"id": "CVE-2020-25678", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.8}]}, "published": "2021-01-08T18:15:13.293", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1892109", "tags": ["Issue Tracking", "Patch"], "source": "secalert@redhat.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html", "source": "secalert@redhat.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQTBKVXVYP7GPQNZ5VASOIJHMLK7727M/", "source": "secalert@redhat.com"}, {"url": "https://security.gentoo.org/glsa/202105-39", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://tracker.ceph.com/issues/37503", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1892109", "tags": ["Issue Tracking", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQTBKVXVYP7GPQNZ5VASOIJHMLK7727M/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/202105-39", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://tracker.ceph.com/issues/37503", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-312"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en ceph en versiones anteriores a 16.yz, donde ceph almacena contrase\u00f1as del m\u00f3dulo mgr en texto sin cifrar. Esto puede ser encontrado al buscar en los registros mgr para grafana y dashboard, con contrase\u00f1as visibles"}], "lastModified": "2024-11-21T05:18:26.617", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:ceph:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3669614D-F320-49C7-B633-6B5681148C84", "versionEndExcluding": "16.2.0"}, {"criteria": "cpe:2.3:a:redhat:ceph_storage:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6E54096-5D45-4CB2-AC9A-DDB55BF2B94C"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}