Vulnerability CVE-2020-25678

Vulnerability Name:

CVE-2020-25678 (CCN-194509)

Assigned:

2018-12-03

Published:

2018-12-03

Updated:

2023-02-12

Summary:

CVSS v3 Severity:

4.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)
3.9 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): High User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2020-25678

Source: secalert@redhat.com
Type: Issue Tracking, Patch
secalert@redhat.com

Source: XF
Type: UNKNOWN
ceph-cve202025678-info-disc(194509)

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: CEPH Bug #37503
Audit log: mgr module passwords set on CLI written as plaintext in log files

Source: secalert@redhat.com
Type: Patch, Vendor Advisory
secalert@redhat.com

Vulnerable Configuration:

Configuration CCN 1:

cpe:/a:linuxfoundation:ceph:13.2.3:*:*:*:*:*:*:*

OR cpe:/a:ceph:ceph:13.2.4:*:*:*:*:*:*:*

OR cpe:/a:linuxfoundation:ceph:13.2.9:*:*:*:*:*:*:*

OR cpe:/a:linuxfoundation:ceph:14.2.5:*:*:*:*:*:*:*

OR cpe:/a:linuxfoundation:ceph:14.2.6:*:*:*:*:*:*:*

OR cpe:/a:linuxfoundation:ceph:15.0.0:*:*:*:*:*:*:*

OR cpe:/a:linuxfoundation:ceph:15.2.1:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7460	P	ceph-common-16.2.11.58+g38d6afd3b78-150400.3.6.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:3375	P	sysconfig-0.84.0-13.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:95191	P	gnome-photos-40.0-150400.2.6 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2886	P	ceph-common-16.2.7.654+gd5a90ff46f0-150400.1.4 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95221	P	openconnect-7.08-6.9.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94516	P	ceph-common-16.2.7.654+gd5a90ff46f0-150400.1.4 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94487	P	Mesa-21.2.4-150400.66.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:24	P	ceph-common-15.2.9.83+g4275378de0-3.17.1 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:953	P	Security update for ldns (Moderate)	2022-03-02
oval:org.opensuse.security:def:5999	P	Security update for virglrenderer (Important)	2022-01-18
oval:org.opensuse.security:def:112053	P	ceph-16.2.6.463+g22e7612f9ad-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:101934	P	Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP3) (Important)	2021-11-19
oval:org.opensuse.security:def:62042	P	ceph-common-15.2.9.83+g4275378de0-3.17.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101200	P	libkpathsea6-6.2.3-19.4 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:100800	P	ceph-common-15.2.9.83+g4275378de0-3.17.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:71783	P	ceph-common-15.2.9.83+g4275378de0-3.17.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101904	P	Security update for the Linux Kernel (Important)	2021-07-20
oval:org.opensuse.security:def:99647	P	(Important)	2021-06-11
oval:org.opensuse.security:def:99955	P	(Important)	2021-06-07
oval:org.opensuse.security:def:99954	P	(Moderate)	2021-06-04
oval:org.opensuse.security:def:76156	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:9499	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:92299	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:66762	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:99249	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:93049	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:70389	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:9698	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:96921	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:92498	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:67088	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:8748	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:99448	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:93202	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:91909	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:10249	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:98859	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:92697	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:69639	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:75830	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:8943	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:108600	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:92104	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:5673	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:99054	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:92896	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:69838	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:111316	P	Security update for ceph (Moderate)	2021-04-12
oval:org.opensuse.security:def:96832	P	Security update for ceph (Moderate)	2021-04-08
oval:org.opensuse.security:def:73586	P	Security update for ceph (Moderate)	2021-04-08
oval:org.opensuse.security:def:107866	P	Security update for ceph (Moderate)	2021-04-08
oval:org.opensuse.security:def:75800	P	Security update for ceph (Moderate)	2021-04-08
oval:org.opensuse.security:def:103014	P	Security update for ceph (Moderate)	2021-04-08
oval:org.opensuse.security:def:108570	P	Security update for ceph (Moderate)	2021-04-08
oval:org.opensuse.security:def:64464	P	Security update for ceph (Moderate)	2021-04-08
oval:org.opensuse.security:def:5643	P	Security update for ceph (Moderate)	2021-04-08
oval:org.opensuse.security:def:66732	P	Security update for ceph (Moderate)	2021-04-08
oval:org.opensuse.security:def:117381	P	Security update for ceph (Moderate)	2021-04-08

BACK