---

CVE-2020-25678 - log back

CVE-2020-25678 edited at 18 Mar 2021 12:26:32
Description	- A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible. + A flaw was found in ceph in versions prior to 15.2.9 where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.
References	+ https://ceph.io/releases/v15-2-9-octopus-released/ https://tracker.ceph.com/issues/37503 https://github.com/ceph/ceph/pull/38479 https://github.com/ceph/ceph/pull/38620 https://github.com/ceph/ceph/commit/eb80511e3ea31ca6be7a9634a9141da39485e422 https://github.com/ceph/ceph/commit/4a454bbdd7882086b2744d111ec8381fb2b31224 https://github.com/ceph/ceph/commit/e6738d296365bbabe406141fabb90366727b141f https://github.com/ceph/ceph/commit/18822c373900e9f23bc1a79b9e223c438be44032 https://github.com/ceph/ceph/commit/97dbfd22d7d2710c10178be029cf8c5c1f2cc659 https://github.com/ceph/ceph/commit/d75085a423d393e852448bdc8d1c5591b9a293ec https://github.com/ceph/ceph/commit/dfc3c7b5cadf91e618e4b5a7329947d9e4456293

CVE-2020-25678 edited at 08 Jan 2021 20:36:21
Severity	- Unknown + Medium
Remote	- Unknown + Local
Type	- Unknown + Information disclosure
Description	+ A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.
References	+ https://tracker.ceph.com/issues/37503 + https://github.com/ceph/ceph/pull/38479 + https://github.com/ceph/ceph/pull/38620 + https://github.com/ceph/ceph/commit/eb80511e3ea31ca6be7a9634a9141da39485e422 + https://github.com/ceph/ceph/commit/4a454bbdd7882086b2744d111ec8381fb2b31224 + https://github.com/ceph/ceph/commit/e6738d296365bbabe406141fabb90366727b141f + https://github.com/ceph/ceph/commit/18822c373900e9f23bc1a79b9e223c438be44032 + https://github.com/ceph/ceph/commit/97dbfd22d7d2710c10178be029cf8c5c1f2cc659 + https://github.com/ceph/ceph/commit/d75085a423d393e852448bdc8d1c5591b9a293ec + https://github.com/ceph/ceph/commit/dfc3c7b5cadf91e618e4b5a7329947d9e4456293
Notes

CVE-2020-25678 created at 08 Jan 2021 20:28:51