CVE-2020-25677

A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. This flaw allows any user on the system to read sensitive information within this file. The highest threat from this vulnerability is to confidentiality.
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1892108 Issue Tracking Patch
Configurations

Configuration 1

cpe:2.3:a:ceph:ceph-ansible:4.0.41:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ceph_storage:3.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ceph_storage:4.0:*:*:*:*:*:*:*

Information

Published : 2020-12-08 01:15

Updated : 2021-03-04 06:49


NVD link : CVE-2020-25677

Mitre link : CVE-2020-25677

Products Affected
No products.
CWE
CWE-312

Cleartext Storage of Sensitive Information