CVE-2020-25677

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-25677
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25677.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-25677
Related
Published
2020-12-08T01:15:12Z
Modified
2024-09-03T03:22:57.623189Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. This flaw allows any user on the system to read sensitive information within this file. The highest threat from this vulnerability is to confidentiality.

References

Affected packages

Git / github.com/ceph/ceph-ansible

Affected ranges

Type
GIT
Repo
https://github.com/ceph/ceph-ansible
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
13ca0531d8b27d1a32ed8309dd9a1a3563199e30
Last affected
f6d1be269f204f1e62f47385f1b74666d2ffbf34

Affected versions

beta-3.*

beta-3.1.0

v1.*

v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.04

v2.*

v2.0
v2.0.0
v2.1.0
v2.2.0
v2.2.0rc1
v2.3.0rc1
v2.3.0rc2
v2.3.0rc3
v2.3.0rc4
v2.3.0rc5

v3.*

v3.0.0
v3.0.0rc1
v3.0.0rc10
v3.0.0rc11
v3.0.0rc12
v3.0.0rc13
v3.0.0rc14
v3.0.0rc15
v3.0.0rc16
v3.0.0rc17
v3.0.0rc18
v3.0.0rc19
v3.0.0rc2
v3.0.0rc3
v3.0.0rc4
v3.0.0rc5
v3.0.0rc6
v3.0.0rc7
v3.0.0rc8
v3.0.0rc9
v3.1.0beta2
v3.1.0beta3
v3.1.0beta4
v3.1.0beta5
v3.1.0beta6
v3.1.0beta7
v3.1.0beta8
v3.1.0beta9
v3.1.0rc1
v3.1.0rc2
v3.2.0beta1
v3.2.0beta2
v3.2.0beta3
v3.2.0beta4
v3.2.0beta5
v3.2.0beta6
v3.2.0beta7
v3.2.0beta8
v3.2.0beta9

v4.*

v4.0.0
v4.0.0beta1
v4.0.0rc1
v4.0.0rc10
v4.0.0rc11
v4.0.0rc12
v4.0.0rc13
v4.0.0rc14
v4.0.0rc15
v4.0.0rc16
v4.0.0rc2
v4.0.0rc3
v4.0.0rc4
v4.0.0rc5
v4.0.0rc6
v4.0.0rc7
v4.0.0rc8
v4.0.0rc9