CVE-2020-25677

Source
https://cve.org/CVERecord?id=CVE-2020-25677
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25677.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-25677
Downstream
Published
2020-12-08T01:15:12.070Z
Modified
2026-07-08T05:58:44.278060083Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. This flaw allows any user on the system to read sensitive information within this file. The highest threat from this vulnerability is to confidentiality.

Database specific
{
    "unresolved_ranges": [
        {
            "vendor_product": "redhat:ceph_storage",
            "cpes": [
                "cpe:2.3:a:redhat:ceph_storage:3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:redhat:ceph_storage:4.0:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING",
            "extracted_events": [
                {
                    "introduced": "3.0"
                },
                {
                    "last_affected": "3.0"
                },
                {
                    "introduced": "4.0"
                },
                {
                    "last_affected": "4.0"
                }
            ]
        }
    ]
}
References

Affected packages

Git / github.com/ceph/ceph-ansible

Affected ranges

Type
GIT
Repo
https://github.com/ceph/ceph-ansible
Events
Database specific
{
    "cpe": "cpe:2.3:a:ceph:ceph-ansible:4.0.41:*:*:*:*:*:*:*",
    "source": "CPE_STRING",
    "extracted_events": [
        {
            "introduced": "4.0.41"
        },
        {
            "last_affected": "4.0.41"
        }
    ]
}

Affected versions

4.*
4.0.41
v4.*
v4.0.41

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25677.json"