CVE-2020-25678 log

Source
Severity Medium
Remote No
Type Information disclosure
Description
A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.
Group Package Affected Fixed Severity Status Ticket
AVG-1421 ceph 15.2.8-1 Medium Vulnerable
References
https://tracker.ceph.com/issues/37503
https://github.com/ceph/ceph/pull/38479
https://github.com/ceph/ceph/pull/38620
https://github.com/ceph/ceph/commit/eb80511e3ea31ca6be7a9634a9141da39485e422
https://github.com/ceph/ceph/commit/4a454bbdd7882086b2744d111ec8381fb2b31224
https://github.com/ceph/ceph/commit/e6738d296365bbabe406141fabb90366727b141f
https://github.com/ceph/ceph/commit/18822c373900e9f23bc1a79b9e223c438be44032
https://github.com/ceph/ceph/commit/97dbfd22d7d2710c10178be029cf8c5c1f2cc659
https://github.com/ceph/ceph/commit/d75085a423d393e852448bdc8d1c5591b9a293ec
https://github.com/ceph/ceph/commit/dfc3c7b5cadf91e618e4b5a7329947d9e4456293