CVE-2020-25677

Опубликовано: 08 дек. 2020

Источник: nvd

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. This flaw allows any user on the system to read sensitive information within this file. The highest threat from this vulnerability is to confidentiality.

Ссылки

https://bugzilla.redhat.com/show_bug.cgi?id=1892108
Issue Tracking
Patch
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1892108
Issue Tracking
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ceph:ceph-ansible:4.0.41:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:redhat:ceph_storage:3.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:ceph_storage:4.0:*:*:*:*:*:*:*

EPSS

Процентиль: 5%

0.0002

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-312

Связанные уязвимости

CVE-2020-25677

CVSS3: 5.5

redhat

около 5 лет назад

GHSA-637g-65xr-xr73

github

больше 3 лет назад

Ceph-ansible 4.0.34.1 creates /etc/ceph/iscsi-gateway.conf with insecure default permissions, allowing any user to read the sensitive information within.