CVE-2020-25677

A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. This flaw allows any user on the system to read sensitive information within this file. The highest threat from this vulnerability is to confidentiality.
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1892108 Issue Tracking Patch Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:ceph:ceph-ansible:4.0.41:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:ceph_storage:3.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ceph_storage:4.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-12-08 01:15

Updated : 2024-02-04 21:23


NVD link : CVE-2020-25677

Mitre link : CVE-2020-25677

CVE.ORG link : CVE-2020-25677


JSON object : View

Products Affected

ceph

  • ceph-ansible

redhat

  • ceph_storage
CWE
CWE-312

Cleartext Storage of Sensitive Information