← back
CVE-2020-25678

CVE-2020-25678

EPSS 0.3%CWE-312
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
08 Jan 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.
Affected products
n/a · ceph

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugzilla.redhat.com/show_bug.cgi?id=1892109https://lists.debian.org/debian-lts-announce/2023/10/msg00034.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQTBKVXVYP7GPQNZ5VASOIJHMLK7727M/https://security.gentoo.org/glsa/202105-39https://tracker.ceph.com/issues/37503