CVE-2020-25677

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-25677

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25677.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-25677

Downstream

RHSA-2021:0081

Published

2020-12-08T01:15:12.070Z

Modified

2026-03-14T10:07:01.149237Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. This flaw allows any user on the system to read sensitive information within this file. The highest threat from this vulnerability is to confidentiality.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1892108

Affected packages

Git / github.com/ceph/ceph-ansible

Affected ranges

Type

GIT

Repo

https://github.com/ceph/ceph-ansible

Events

Introduced

Last affected

d14723d5b47be85f05e3a8febb04aeddbf62b5c9

Introduced

Last affected

f6d1be269f204f1e62f47385f1b74666d2ffbf34

Introduced

Last affected

13ca0531d8b27d1a32ed8309dd9a1a3563199e30

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.0.41"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.0"
        }
    ]
}

Affected versions

beta-3.*

beta-3.1.0

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.0.3

v1.0.4

v1.0.5

v1.0.6

v1.0.7

v1.0.8

v1.04

v2.*

v2.0

v2.0.0

v2.1.0

v2.2.0

v2.2.0rc1

v2.3.0rc1

v2.3.0rc2

v2.3.0rc3

v2.3.0rc4

v2.3.0rc5

v3.*

v3.0.0

v3.0.0rc1

v3.0.0rc10

v3.0.0rc11

v3.0.0rc12

v3.0.0rc13

v3.0.0rc14

v3.0.0rc15

v3.0.0rc16

v3.0.0rc17

v3.0.0rc18

v3.0.0rc19

v3.0.0rc2

v3.0.0rc3

v3.0.0rc4

v3.0.0rc5

v3.0.0rc6

v3.0.0rc7

v3.0.0rc8

v3.0.0rc9

v3.1.0beta2

v3.1.0beta3

v3.1.0beta4

v3.1.0beta5

v3.1.0beta6

v3.1.0beta7

v3.1.0beta8

v3.1.0beta9

v3.1.0rc1

v3.1.0rc2

v3.2.0beta1

v3.2.0beta2

v3.2.0beta3

v3.2.0beta4

v3.2.0beta5

v3.2.0beta6

v3.2.0beta7

v3.2.0beta8

v3.2.0beta9

v4.*

v4.0.0

v4.0.0beta1

v4.0.0rc1

v4.0.0rc10

v4.0.0rc11

v4.0.0rc12

v4.0.0rc13

v4.0.0rc14

v4.0.0rc15

v4.0.0rc16

v4.0.0rc2

v4.0.0rc3

v4.0.0rc4

v4.0.0rc5

v4.0.0rc6

v4.0.0rc7

v4.0.0rc8

v4.0.0rc9

v4.0.1

v4.0.10

v4.0.11

v4.0.12

v4.0.13

v4.0.14

v4.0.15

v4.0.16

v4.0.17

v4.0.18

v4.0.19

v4.0.2

v4.0.20

v4.0.21

v4.0.22

v4.0.23

v4.0.24

v4.0.25

v4.0.26

v4.0.27

v4.0.28

v4.0.29

v4.0.3

v4.0.30

v4.0.31

v4.0.32

v4.0.33

v4.0.34

v4.0.35

v4.0.36

v4.0.37

v4.0.38

v4.0.39

v4.0.4

v4.0.40

v4.0.41

v4.0.5

v4.0.6

v4.0.7

v4.0.8

v4.0.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25677.json"