CVE-2020-25678 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	No
Type	Information disclosure
Description	A flaw was found in ceph in versions prior to 15.2.9 where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1421	ceph	15.2.8-2	15.2.10-1	Medium	Fixed	FS#70062

References
https://ceph.io/releases/v15-2-9-octopus-released/ https://tracker.ceph.com/issues/37503 https://github.com/ceph/ceph/pull/38479 https://github.com/ceph/ceph/pull/38620 https://github.com/ceph/ceph/commit/eb80511e3ea31ca6be7a9634a9141da39485e422 https://github.com/ceph/ceph/commit/4a454bbdd7882086b2744d111ec8381fb2b31224 https://github.com/ceph/ceph/commit/e6738d296365bbabe406141fabb90366727b141f https://github.com/ceph/ceph/commit/18822c373900e9f23bc1a79b9e223c438be44032 https://github.com/ceph/ceph/commit/97dbfd22d7d2710c10178be029cf8c5c1f2cc659 https://github.com/ceph/ceph/commit/d75085a423d393e852448bdc8d1c5591b9a293ec https://github.com/ceph/ceph/commit/dfc3c7b5cadf91e618e4b5a7329947d9e4456293

References

https://ceph.io/releases/v15-2-9-octopus-released/
https://tracker.ceph.com/issues/37503
https://github.com/ceph/ceph/pull/38479
https://github.com/ceph/ceph/pull/38620
https://github.com/ceph/ceph/commit/eb80511e3ea31ca6be7a9634a9141da39485e422
https://github.com/ceph/ceph/commit/4a454bbdd7882086b2744d111ec8381fb2b31224
https://github.com/ceph/ceph/commit/e6738d296365bbabe406141fabb90366727b141f
https://github.com/ceph/ceph/commit/18822c373900e9f23bc1a79b9e223c438be44032
https://github.com/ceph/ceph/commit/97dbfd22d7d2710c10178be029cf8c5c1f2cc659
https://github.com/ceph/ceph/commit/d75085a423d393e852448bdc8d1c5591b9a293ec
https://github.com/ceph/ceph/commit/dfc3c7b5cadf91e618e4b5a7329947d9e4456293