Home > Vulnerability Database > CVE-2020-25678

Mend.io Vulnerability Database

CVE-2020-25678

Date: January 8, 2021

A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.

Language: C++

Severity Score

4.4

Related Resources (12)

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQTBKVXVYP7GPQNZ5VASOIJHMLK7727M/

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25678

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-25678

Url: https://security.gentoo.org/glsa/202105-39

Url: https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html

Url: https://tracker.ceph.com/issues/37503

Url: https://access.redhat.com/security/cve/CVE-2020-25678

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQTBKVXVYP7GPQNZ5VASOIJHMLK7727M/

Url: https://security-tracker.debian.org/tracker/CVE-2020-25678

Url: https://access.redhat.com/errata/RHSA-2021:1452

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1892109

Url: https://www.mend.io/vulnerability-database/CVE-2020-25678

Severity Score

4.4

Weakness Type (CWE)

Cleartext Storage of Sensitive Information

CWE-312

CVSS v3.1

Base Score:	4.4
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	2.1
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-25678

Date: January 8, 2021

Language: C++

Severity Score

Related Resources (12)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?