CVE-2020-25677 - A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insec

CVE-2020-25677

Summary

A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. This flaw allows any user on the system to read sensitive information within this file. The highest threat from this vulnerability is to confidentiality.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1892108

Vulnerable Configurations

cpe:2.3:a:ceph:ceph-ansible:4.0.41:*:*:*:*:*:*:*
cpe:2.3:a:ceph:ceph-ansible:4.0.41:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ceph_storage:3.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ceph_storage:3.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ceph_storage:4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ceph_storage:4.0:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 04-03-2021 - 18:49)
Impact:
Exploitability:

CWE

CWE-312

CAPEC

Retrieve Embedded Sensitive Data
An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:N/A:N

redhat via4

rpms

ansible-runner-service-0:0.9-5.el8cp
ceph-ansible-0:4.0.41-1.el7cp
ceph-ansible-0:4.0.41-1.el8cp
ceph-base-2:14.2.11-95.el7cp
ceph-base-2:14.2.11-95.el8cp
ceph-base-debuginfo-2:14.2.11-95.el8cp
ceph-common-2:14.2.11-95.el7cp
ceph-common-2:14.2.11-95.el8cp
ceph-common-debuginfo-2:14.2.11-95.el8cp
ceph-debuginfo-2:14.2.11-95.el7cp
ceph-debugsource-2:14.2.11-95.el8cp
ceph-fuse-2:14.2.11-95.el7cp
ceph-fuse-2:14.2.11-95.el8cp
ceph-fuse-debuginfo-2:14.2.11-95.el8cp
ceph-grafana-dashboards-2:14.2.11-95.el7cp
ceph-grafana-dashboards-2:14.2.11-95.el8cp
ceph-mds-2:14.2.11-95.el7cp
ceph-mds-2:14.2.11-95.el8cp
ceph-mds-debuginfo-2:14.2.11-95.el8cp
ceph-mgr-2:14.2.11-95.el7cp
ceph-mgr-2:14.2.11-95.el8cp
ceph-mgr-dashboard-2:14.2.11-95.el7cp
ceph-mgr-dashboard-2:14.2.11-95.el8cp
ceph-mgr-debuginfo-2:14.2.11-95.el8cp
ceph-mgr-diskprediction-local-2:14.2.11-95.el7cp
ceph-mgr-diskprediction-local-2:14.2.11-95.el8cp
ceph-mgr-k8sevents-2:14.2.11-95.el7cp
ceph-mgr-k8sevents-2:14.2.11-95.el8cp
ceph-mgr-rook-2:14.2.11-95.el7cp
ceph-mgr-rook-2:14.2.11-95.el8cp
ceph-mon-2:14.2.11-95.el7cp
ceph-mon-2:14.2.11-95.el8cp
ceph-mon-debuginfo-2:14.2.11-95.el8cp
ceph-osd-2:14.2.11-95.el7cp
ceph-osd-2:14.2.11-95.el8cp
ceph-osd-debuginfo-2:14.2.11-95.el8cp
ceph-radosgw-2:14.2.11-95.el7cp
ceph-radosgw-2:14.2.11-95.el8cp
ceph-radosgw-debuginfo-2:14.2.11-95.el8cp
ceph-selinux-2:14.2.11-95.el7cp
ceph-selinux-2:14.2.11-95.el8cp
ceph-test-2:14.2.11-95.el7cp
ceph-test-2:14.2.11-95.el8cp
ceph-test-debuginfo-2:14.2.11-95.el8cp
cockpit-ceph-installer-0:1.4-0.el7cp
cockpit-ceph-installer-0:1.4-0.el8cp
libcephfs-devel-2:14.2.11-95.el7cp
libcephfs-devel-2:14.2.11-95.el8cp
libcephfs2-2:14.2.11-95.el7cp
libcephfs2-2:14.2.11-95.el8cp
libcephfs2-debuginfo-2:14.2.11-95.el8cp
libntirpc-0:3.3-0.1.el7cp
libntirpc-0:3.3-0.1.el8cp
libntirpc-debuginfo-0:3.3-0.1.el7cp
libntirpc-debuginfo-0:3.3-0.1.el8cp
libntirpc-debugsource-0:3.3-0.1.el8cp
librados-devel-2:14.2.11-95.el7cp
librados-devel-2:14.2.11-95.el8cp
librados-devel-debuginfo-2:14.2.11-95.el8cp
librados2-2:14.2.11-95.el7cp
librados2-2:14.2.11-95.el8cp
librados2-debuginfo-2:14.2.11-95.el8cp
libradospp-devel-2:14.2.11-95.el7cp
libradospp-devel-2:14.2.11-95.el8cp
libradosstriper1-2:14.2.11-95.el7cp
libradosstriper1-2:14.2.11-95.el8cp
libradosstriper1-debuginfo-2:14.2.11-95.el8cp
librbd-devel-2:14.2.11-95.el7cp
librbd-devel-2:14.2.11-95.el8cp
librbd1-2:14.2.11-95.el7cp
librbd1-2:14.2.11-95.el8cp
librbd1-debuginfo-2:14.2.11-95.el8cp
librgw-devel-2:14.2.11-95.el7cp
librgw-devel-2:14.2.11-95.el8cp
librgw2-2:14.2.11-95.el7cp
librgw2-2:14.2.11-95.el8cp
librgw2-debuginfo-2:14.2.11-95.el8cp
nfs-ganesha-0:3.3-0.4.el7cp
nfs-ganesha-0:3.3-0.4.el8cp
nfs-ganesha-ceph-0:3.3-0.4.el7cp
nfs-ganesha-ceph-0:3.3-0.4.el8cp
nfs-ganesha-ceph-debuginfo-0:3.3-0.4.el8cp
nfs-ganesha-debuginfo-0:3.3-0.4.el7cp
nfs-ganesha-debuginfo-0:3.3-0.4.el8cp
nfs-ganesha-debugsource-0:3.3-0.4.el8cp
nfs-ganesha-proxy-0:3.3-0.4.el7cp
nfs-ganesha-proxy-0:3.3-0.4.el8cp
nfs-ganesha-proxy-debuginfo-0:3.3-0.4.el8cp
nfs-ganesha-rados-grace-0:3.3-0.4.el7cp
nfs-ganesha-rados-grace-0:3.3-0.4.el8cp
nfs-ganesha-rados-grace-debuginfo-0:3.3-0.4.el8cp
nfs-ganesha-rados-urls-0:3.3-0.4.el7cp
nfs-ganesha-rados-urls-0:3.3-0.4.el8cp
nfs-ganesha-rados-urls-debuginfo-0:3.3-0.4.el8cp
nfs-ganesha-rgw-0:3.3-0.4.el7cp
nfs-ganesha-rgw-0:3.3-0.4.el8cp
nfs-ganesha-rgw-debuginfo-0:3.3-0.4.el8cp
nfs-ganesha-selinux-0:3.3-0.4.el7cp
nfs-ganesha-selinux-0:3.3-0.4.el8cp
nfs-ganesha-vfs-0:3.3-0.4.el7cp
nfs-ganesha-vfs-0:3.3-0.4.el8cp
nfs-ganesha-vfs-debuginfo-0:3.3-0.4.el8cp
python-ceph-argparse-2:14.2.11-95.el7cp
python-cephfs-2:14.2.11-95.el7cp
python-rados-2:14.2.11-95.el7cp
python-rbd-2:14.2.11-95.el7cp
python-rgw-2:14.2.11-95.el7cp
python2-repoze-lru-0:0.7-8.el7cp
python3-ceph-argparse-2:14.2.11-95.el8cp
python3-cephfs-2:14.2.11-95.el8cp
python3-cephfs-debuginfo-2:14.2.11-95.el8cp
python3-rados-2:14.2.11-95.el8cp
python3-rados-debuginfo-2:14.2.11-95.el8cp
python3-rbd-2:14.2.11-95.el8cp
python3-rbd-debuginfo-2:14.2.11-95.el8cp
python3-repoze-lru-0:0.7-6.el8ost
python3-rgw-2:14.2.11-95.el8cp
python3-rgw-debuginfo-2:14.2.11-95.el8cp
rbd-fuse-debuginfo-2:14.2.11-95.el8cp
rbd-mirror-2:14.2.11-95.el7cp
rbd-mirror-2:14.2.11-95.el8cp
rbd-mirror-debuginfo-2:14.2.11-95.el8cp
rbd-nbd-2:14.2.11-95.el7cp
rbd-nbd-2:14.2.11-95.el8cp
rbd-nbd-debuginfo-2:14.2.11-95.el8cp

refmap via4

confirm

Last major update

04-03-2021 - 18:49

Published

08-12-2020 - 01:15

Last modified

04-03-2021 - 18:49