Wind River Support Network

Meet the Support Network

Home CVE Database CVE-2020-25678

CVE-2020-25678

Description

A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.

Priority: MEDIUM
CVSS v3: 4.9
Component: ceph
Publish Date: Jan 8, 2021
Related ID: --
CVSS v2: MEDIUM
Modified Date: Jan 8, 2021

Find out more about CVE-2020-25678 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Product Name Status Defect Fixed Downloads
Linux
Wind River Linux LTS 17 Fixed LIN10-8109
10.17.41.24 --
Wind River Linux 8 Not Vulnerable -- -- --
Wind River Linux 9 Not Vulnerable -- -- --
Wind River Linux 7 Requires LTSS -- -- --
Wind River Linux LTS 21 Fixed LIN1021-258
10.21.20.2 --
Wind River Linux LTS 22 Not Vulnerable -- -- --
Wind River Linux LTS 18 Fixed LIN1018-7107
10.18.44.22 --
Wind River Linux LTS 19 Fixed LIN1019-5883
10.19.45.16 --
Wind River Linux CD release Fixed -- 10.21.25.0 --
Wind River Linux 6 Requires LTSS -- -- --
Wind River Linux LTS 23 Not Vulnerable -- -- --
Wind River Linux LTS 24 Fixed -- 10.21.25.0 --
VxWorks
VxWorks 7 Not Vulnerable -- -- --
VxWorks 6.9 Not Vulnerable -- -- --
Helix Virtualization Platform Cert Edition
Helix Virtualization Platform Cert Edition Not Vulnerable -- -- --
eLxr
eLxr 12 Not Vulnerable -- -- --
Wind River Studio Cloud Platform

Related Products

Product Name Status Defect Fixed Downloads

Notes
Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online