What is CVE-2020-25678?

CVE-2020-25678 is a medium-severity vulnerability in Fedoraproject Fedora, classified under Cleartext Storage of Sensitive Information. CVSS score: 4.4/10. Published 2021-01-08.

How severe is CVE-2020-25678?

Medium severity. CVSS v3 base score is 4.4 out of 10.

Is CVE-2020-25678 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Fedoraproject Fedora

CVE-2020-25678

A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.

EPSS: 0.003 (18.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.4 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N.

Affected products

Fedoraproject Fedora — versions 33
Redhat Ceph
Redhat Ceph_storage — versions 4.0
N/a Ceph — versions ceph versions prior to 16.y.z

Weakness classification (CWE)

CWE-312 — Cleartext Storage of Sensitive Information

Public proof-of-concept exploits

ARPSyndicate/cvemon

References

secalert@redhat.com (Patch, x_refsource_MISC, Issue Tracking)
secalert@redhat.com (Patch, x_refsource_MISC, Vendor Advisory)
secalert@redhat.com (x_refsource_FEDORA, vendor-advisory)
secalert@redhat.com (vendor-advisory, Third Party Advisory, x_refsource_GENTOO)
secalert@redhat.com

Frequently asked questions

What is CVE-2020-25678?: CVE-2020-25678 is a medium-severity vulnerability in Fedoraproject Fedora, classified under Cleartext Storage of Sensitive Information. CVSS score: 4.4/10. Published 2021-01-08.
How severe is CVE-2020-25678?: Medium severity. CVSS v3 base score is 4.4 out of 10.
Is CVE-2020-25678 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.