AVG-1421 log

Package ceph
Status Fixed
Severity Medium
Type multiple issues
Affected 15.2.8-2
Fixed 15.2.10-1
Current 15.2.14-2 [community]
Ticket FS#70062
Created Fri Jan 8 20:28:51 2021
Issue Severity Remote Type Description
CVE-2020-27839 Medium Yes Cross-site scripting
A security issue was found in ceph in versions prior to 15.2.9. The JWT token used by the ceph dashboard for authorising against the API was stored inside...
CVE-2020-25678 Medium No Information disclosure
A flaw was found in ceph in versions prior to 15.2.9 where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for...