A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. This flaw allows any user on the system to read sensitive information within this file. The highest threat from this vulnerability is to confidentiality.
{
"unresolved_ranges": [
{
"vendor_product": "redhat:ceph_storage",
"cpes": [
"cpe:2.3:a:redhat:ceph_storage:3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:redhat:ceph_storage:4.0:*:*:*:*:*:*:*"
],
"source": "CPE_STRING",
"extracted_events": [
{
"introduced": "3.0"
},
{
"last_affected": "3.0"
},
{
"introduced": "4.0"
},
{
"last_affected": "4.0"
}
]
}
]
}