CVE-2020-25678
CVSS 3.1: 4.4 (MEDIUM)
EPSS: 0.02%
Description
A flaw was found in Ceph in versions prior to 16.y.z where Ceph stores mgr module passwords in clear text. The passwords are visible when searching the mgr logs for grafana and dashboard.
How to fix CVE-2020-25678
To remediate CVE-2020-25678, upgrade the affected package to a fixed version listed below.
- Debian/ceph: upgrade to 14.2.18-1 or later
Is CVE-2020-25678 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 14.2.18-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.4 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |