CVE-2020-1716

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-1716
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1716.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-1716
Published
2021-05-28T13:15:07Z
Modified
2024-09-03T03:18:17.542657Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

A flaw was found in the ceph-ansible playbook: it contained hardcoded passwords that were used as default passwords when deploying Ceph services. Any authenticated attacker can abuse this flaw to brute-force Ceph deployments and gain administrator access to Ceph clusters via the Ceph dashboard, allowing them to read, write, and delete Ceph clusters and to modify Ceph cluster configurations. Versions before ceph-ansible 6.0.0alpha1 are affected.

Affected packages

Git / github.com/ceph/ceph-ansible

Affected ranges

Type
GIT
Repo
https://github.com/ceph/ceph-ansible
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

beta-3.*

beta-3.1.0

v1.*

v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.04

v2.*

v2.0
v2.0.0
v2.1.0
v2.2.0
v2.2.0rc1
v2.3.0rc1
v2.3.0rc2
v2.3.0rc3
v2.3.0rc4
v2.3.0rc5

v3.*

v3.0.0
v3.0.0rc1
v3.0.0rc10
v3.0.0rc11
v3.0.0rc12
v3.0.0rc13
v3.0.0rc14
v3.0.0rc15
v3.0.0rc16
v3.0.0rc17
v3.0.0rc18
v3.0.0rc19
v3.0.0rc2
v3.0.0rc3
v3.0.0rc4
v3.0.0rc5
v3.0.0rc6
v3.0.0rc7
v3.0.0rc8
v3.0.0rc9
v3.1.0beta2
v3.1.0beta3
v3.1.0beta4
v3.1.0beta5
v3.1.0beta6
v3.1.0beta7
v3.1.0beta8
v3.1.0beta9
v3.1.0rc1
v3.1.0rc2
v3.2.0beta1
v3.2.0beta2
v3.2.0beta3
v3.2.0beta4
v3.2.0beta5
v3.2.0beta6
v3.2.0beta7
v3.2.0beta8
v3.2.0beta9

v4.*

v4.0.0beta1
v4.0.0rc1

v5.*

v5.0.0
v5.0.0alpha1
v5.0.1
v5.0.2
v5.0.3

v6.*

v6.0.0alpha1