MGASA-2021-0126

Advisory lineage Upstream: 2 Downstream: 0

Upstream

CVE-2020-25678 CVE-2020-27839

Published: 12 Mar 2021, 01:25

Last modified:16 Apr 2026, 04:25

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

12 Mar 2021, 01:25

Published

Vulnerability first disclosed

16 Apr 2026, 04:25

Last Modified

Vulnerability information updated

Description

Updated ceph packages fix security vulnerabilities A flaw was found in Ceph where Ceph stores mgr module passwords in clear text. This issue can be found by searching the mgr logs for Grafana and dashboard with passwords visible. The highest threat from this vulnerability is to confidentiality (CVE-2020-25678). A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and integrity (CVE-2020-27839).

Affected Systems

mageia•ceph
< 15.2.9-1.mga8

MGASA-2021-0126

Vulnerability Summary

Timeline

Description

Affected Systems

References (3)