MGASA-2021-0126

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2021-0126.html

Import Source

https://advisories.mageia.org/MGASA-2021-0126.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2021-0126

Related

Published

2021-03-12T01:25:47Z

Modified

2021-03-12T00:14:34Z

Summary

Updated ceph packages fix security vulnerabilities

Details

A flaw was found in Ceph where Ceph stores mgr module passwords in clear text. This issue can be found by searching the mgr logs for Grafana and dashboard with passwords visible. The highest threat from this vulnerability is to confidentiality (CVE-2020-25678).

A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browserâs localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and integrity (CVE-2020-27839).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:8 / ceph

Package

Name: ceph
Purl: pkg:rpm/mageia/ceph?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

15.2.9-1.mga8

Ecosystem specific

{
    "section": "core"
}