AVG-1421 log
| Package | ceph |
| Status | Fixed |
| Severity | Medium |
| Type | multiple issues |
| Affected | 15.2.8-2 |
| Fixed | 15.2.10-1 |
| Current | 15.2.14-2 [community] |
| Ticket | FS#70062 |
| Created | Fri Jan 8 20:28:51 2021 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2020-27839 | Medium | Yes | Cross-site scripting | A security issue was found in ceph in versions prior to 15.2.9. The JWT token used by the ceph dashboard for authorising against the API was stored inside... |
| CVE-2020-25678 | Medium | No | Information disclosure | A flaw was found in ceph in versions prior to 15.2.9 where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for... |