Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
187
VMScore

CVE-2020-25677

Published: 08/12/2020 Updated: 04/03/2021
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. This flaw allows any user on the system to read sensitive information within this file. The highest threat from this vulnerability is to confidentiality.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

ceph ceph-ansible 4.0.41

redhat ceph storage 3.0

redhat ceph storage 4.0

Vendor Advisories

Red Hat: Important: Red Hat Ceph Storage 4.2 Security and Bug Fix update
Synopsis Important: Red Hat Ceph Storage 42 Security and Bug Fix update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat Ceph Storage 42Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CV ...
Red Hat: Moderate: OpenShift Container Platform 4.10.3 security update
Synopsis Moderate: OpenShift Container Platform 4103 security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4103 is now available withupdates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a security impact of ...

Mailing Lists

Full Disclosure: CVE-2020-25677 ceph: CEPHX_V2 replay attack protection lost
Dear all, cephx authentication protocol does not verify ceph clients correctly, and is vulnerable to replay attacks in nautilus and later An attacker with access to the Ceph cluster network can use this vulnerability to authenticate with ceph service, via a packet sniffer This allows them to perform actions allowed by the ceph service This is a ...
Full Disclosure: Re: CVE-2020-25677 ceph: CEPHX_V2 replay attack protection lost
Correction The correct CVE is CVE-2020-25660 Ana McTaggart Red Hat Product Security Red Hat Remote <wwwredhatcom> secalert () redhat com for urgent response amct () redhat com M: 7742790791 IM: amctagga Pronouns:They/Them/Theirs On Tue, Nov 17, 2020 at 9:10 AM Ana McTaggart <amctagga () redhat com> wrote: ...

References

CWE-312https://bugzilla.redhat.com/show_bug.cgi?id=1892108https://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2021:0081
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4541CVE-2024-3080CVE-2024-4787log injectionCVE-2024-5967injectCVE-2024-30078CVE-2024-5899
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook