CVE-2020-25678

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-25678
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-25678.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-25678
Downstream
Related
Published
2021-01-08T18:15:13.293Z
Modified
2026-04-16T00:04:49.040035085Z
Severity
  • 4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.

Database specific 
{
    "unresolved_ranges": [
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:redhat:ceph_storage:4.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "4.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "33"
                }
            ]
        }
    ]
}
References

Affected packages

Git / github.com/ceph/ceph

Affected ranges

Type
GIT
Repo
https://github.com/ceph/ceph
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
0c2054e95bcd9b30fdd908a79ac1d8bbc3394442
Database specific 
{
    "source": "CPE_FIELD",
    "cpe": "cpe:2.3:a:redhat:ceph:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "16.2.0"
        }
    ]
}

Affected versions

v0.*
v0.1
v0.18
v0.19
v0.2
v0.4
v0.5
v0.6
v0.7.1
v0.7.2
v0.7.3
v0.9
v11.*
v11.0.0
v13.*
v13.0.0
v14.*
v14.0.0
v15.*
v15.0.0
v16.*
v16.0.0
v16.1.0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-25678.json"