{"schema_version":"1.7.2","id":"OESA-2021-1100","modified":"2021-04-07T11:02:44Z","published":"2021-04-07T11:02:44Z","upstream":["CVE-2020-25678"],"summary":"ceph security update","details":"Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.(CVE-2020-25678)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS","name":"ceph","purl":"pkg:rpm/openEuler/ceph\u0026distro=openEuler-20.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"12.2.8-12.oe1"}]}],"ecosystem_specific":{"aarch64":["librgw2-12.2.8-11.oe1.aarch64.rpm","ceph-radosgw-12.2.8-11.oe1.aarch64.rpm","librados-devel-12.2.8-11.oe1.aarch64.rpm","ceph-osd-12.2.8-11.oe1.aarch64.rpm","ceph-mgr-12.2.8-11.oe1.aarch64.rpm","ceph-mon-12.2.8-11.oe1.aarch64.rpm","rbd-mirror-12.2.8-11.oe1.aarch64.rpm","librgw-devel-12.2.8-11.oe1.aarch64.rpm","rbd-nbd-12.2.8-11.oe1.aarch64.rpm","python3-rbd-12.2.8-11.oe1.aarch64.rpm","libradosstriper1-12.2.8-11.oe1.aarch64.rpm","ceph-debugsource-12.2.8-11.oe1.aarch64.rpm","python-ceph-compat-12.2.8-11.oe1.aarch64.rpm","ceph-test-12.2.8-11.oe1.aarch64.rpm","rbd-fuse-12.2.8-11.oe1.aarch64.rpm","python-rgw-12.2.8-11.oe1.aarch64.rpm","ceph-debuginfo-12.2.8-11.oe1.aarch64.rpm","ceph-fuse-12.2.8-11.oe1.aarch64.rpm","librbd1-12.2.8-11.oe1.aarch64.rpm","python3-cephfs-12.2.8-11.oe1.aarch64.rpm","ceph-common-12.2.8-11.oe1.aarch64.rpm","ceph-mds-12.2.8-11.oe1.aarch64.rpm","libcephfs2-12.2.8-11.oe1.aarch64.rpm","ceph-selinux-12.2.8-11.oe1.aarch64.rpm","python-cephfs-12.2.8-11.oe1.aarch64.rpm","ceph-resource-agents-12.2.8-11.oe1.aarch64.rpm","libradosstriper-devel-12.2.8-11.oe1.aarch64.rpm","librbd-devel-12.2.8-11.oe1.aarch64.rpm","python3-rgw-12.2.8-11.oe1.aarch64.rpm","python-rados-12.2.8-11.oe1.aarch64.rpm","libcephfs-devel-12.2.8-11.oe1.aarch64.rpm","rados-objclass-devel-12.2.8-11.oe1.aarch64.rpm","python3-rados-12.2.8-11.oe1.aarch64.rpm","python-rbd-12.2.8-11.oe1.aarch64.rpm","python3-ceph-argparse-12.2.8-11.oe1.aarch64.rpm","librados2-12.2.8-11.oe1.aarch64.rpm","ceph-12.2.8-11.oe1.aarch64.rpm","ceph-base-12.2.8-11.oe1.aarch64.rpm","librgw2-12.2.8-12.oe1.aarch64.rpm","ceph-radosgw-12.2.8-12.oe1.aarch64.rpm","librados-devel-12.2.8-12.oe1.aarch64.rpm","ceph-osd-12.2.8-12.oe1.aarch64.rpm","ceph-mgr-12.2.8-12.oe1.aarch64.rpm","ceph-mon-12.2.8-12.oe1.aarch64.rpm","rbd-mirror-12.2.8-12.oe1.aarch64.rpm","librgw-devel-12.2.8-12.oe1.aarch64.rpm","rbd-nbd-12.2.8-12.oe1.aarch64.rpm","python3-rbd-12.2.8-12.oe1.aarch64.rpm","libradosstriper1-12.2.8-12.oe1.aarch64.rpm","ceph-debugsource-12.2.8-12.oe1.aarch64.rpm","python-ceph-compat-12.2.8-12.oe1.aarch64.rpm","ceph-test-12.2.8-12.oe1.aarch64.rpm","rbd-fuse-12.2.8-12.oe1.aarch64.rpm","python-rgw-12.2.8-12.oe1.aarch64.rpm","ceph-debuginfo-12.2.8-12.oe1.aarch64.rpm","ceph-fuse-12.2.8-12.oe1.aarch64.rpm","librbd1-12.2.8-12.oe1.aarch64.rpm","python3-cephfs-12.2.8-12.oe1.aarch64.rpm","ceph-common-12.2.8-12.oe1.aarch64.rpm","ceph-mds-12.2.8-12.oe1.aarch64.rpm","libcephfs2-12.2.8-12.oe1.aarch64.rpm","ceph-selinux-12.2.8-12.oe1.aarch64.rpm","python-cephfs-12.2.8-12.oe1.aarch64.rpm","ceph-resource-agents-12.2.8-12.oe1.aarch64.rpm","libradosstriper-devel-12.2.8-12.oe1.aarch64.rpm","librbd-devel-12.2.8-12.oe1.aarch64.rpm","python3-rgw-12.2.8-12.oe1.aarch64.rpm","python-rados-12.2.8-12.oe1.aarch64.rpm","libcephfs-devel-12.2.8-12.oe1.aarch64.rpm","rados-objclass-devel-12.2.8-12.oe1.aarch64.rpm","python3-rados-12.2.8-12.oe1.aarch64.rpm","python-rbd-12.2.8-12.oe1.aarch64.rpm","python3-ceph-argparse-12.2.8-12.oe1.aarch64.rpm","librados2-12.2.8-12.oe1.aarch64.rpm","ceph-12.2.8-12.oe1.aarch64.rpm","ceph-base-12.2.8-12.oe1.aarch64.rpm"],"src":["ceph-12.2.8-11.oe1.src.rpm","ceph-12.2.8-12.oe1.src.rpm"],"x86_64":["libradosstriper-devel-12.2.8-11.oe1.x86_64.rpm","librbd-devel-12.2.8-11.oe1.x86_64.rpm","python3-rgw-12.2.8-11.oe1.x86_64.rpm","python-rados-12.2.8-11.oe1.x86_64.rpm","libcephfs-devel-12.2.8-11.oe1.x86_64.rpm","rados-objclass-devel-12.2.8-11.oe1.x86_64.rpm","python3-rados-12.2.8-11.oe1.x86_64.rpm","python-rbd-12.2.8-11.oe1.x86_64.rpm","python3-ceph-argparse-12.2.8-11.oe1.x86_64.rpm","librados2-12.2.8-11.oe1.x86_64.rpm","ceph-12.2.8-11.oe1.x86_64.rpm","ceph-base-12.2.8-11.oe1.x86_64.rpm","librgw2-12.2.8-12.oe1.x86_64.rpm","ceph-radosgw-12.2.8-12.oe1.x86_64.rpm","librados-devel-12.2.8-12.oe1.x86_64.rpm","ceph-osd-12.2.8-12.oe1.x86_64.rpm","ceph-mgr-12.2.8-12.oe1.x86_64.rpm","ceph-mon-12.2.8-12.oe1.x86_64.rpm","rbd-mirror-12.2.8-12.oe1.x86_64.rpm","librgw-devel-12.2.8-12.oe1.x86_64.rpm","rbd-nbd-12.2.8-12.oe1.x86_64.rpm","python3-rbd-12.2.8-12.oe1.x86_64.rpm","libradosstriper1-12.2.8-12.oe1.x86_64.rpm","ceph-debugsource-12.2.8-12.oe1.x86_64.rpm","python-ceph-compat-12.2.8-12.oe1.x86_64.rpm","ceph-test-12.2.8-12.oe1.x86_64.rpm","rbd-fuse-12.2.8-12.oe1.x86_64.rpm","python-rgw-12.2.8-12.oe1.x86_64.rpm","ceph-debuginfo-12.2.8-12.oe1.x86_64.rpm","ceph-fuse-12.2.8-12.oe1.x86_64.rpm","librbd1-12.2.8-12.oe1.x86_64.rpm","python3-cephfs-12.2.8-12.oe1.x86_64.rpm","ceph-common-12.2.8-12.oe1.x86_64.rpm","ceph-mds-12.2.8-12.oe1.x86_64.rpm","libcephfs2-12.2.8-12.oe1.x86_64.rpm","ceph-selinux-12.2.8-12.oe1.x86_64.rpm","python-cephfs-12.2.8-12.oe1.x86_64.rpm","ceph-resource-agents-12.2.8-12.oe1.x86_64.rpm","libradosstriper-devel-12.2.8-12.oe1.x86_64.rpm","librbd-devel-12.2.8-12.oe1.x86_64.rpm","python3-rgw-12.2.8-12.oe1.x86_64.rpm","python-rados-12.2.8-12.oe1.x86_64.rpm","libcephfs-devel-12.2.8-12.oe1.x86_64.rpm","rados-objclass-devel-12.2.8-12.oe1.x86_64.rpm","python3-rados-12.2.8-12.oe1.x86_64.rpm","python-rbd-12.2.8-12.oe1.x86_64.rpm","python3-ceph-argparse-12.2.8-12.oe1.x86_64.rpm","librados2-12.2.8-12.oe1.x86_64.rpm","ceph-12.2.8-12.oe1.x86_64.rpm","ceph-base-12.2.8-12.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"ceph","purl":"pkg:rpm/openEuler/ceph\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"12.2.8-12.oe1"}]}],"ecosystem_specific":{"aarch64":["librgw2-12.2.8-12.oe1.aarch64.rpm","ceph-radosgw-12.2.8-12.oe1.aarch64.rpm","librados-devel-12.2.8-12.oe1.aarch64.rpm","ceph-osd-12.2.8-12.oe1.aarch64.rpm","ceph-mgr-12.2.8-12.oe1.aarch64.rpm","ceph-mon-12.2.8-12.oe1.aarch64.rpm","rbd-mirror-12.2.8-12.oe1.aarch64.rpm","librgw-devel-12.2.8-12.oe1.aarch64.rpm","rbd-nbd-12.2.8-12.oe1.aarch64.rpm","python3-rbd-12.2.8-12.oe1.aarch64.rpm","libradosstriper1-12.2.8-12.oe1.aarch64.rpm","ceph-debugsource-12.2.8-12.oe1.aarch64.rpm","python-ceph-compat-12.2.8-12.oe1.aarch64.rpm","ceph-test-12.2.8-12.oe1.aarch64.rpm","rbd-fuse-12.2.8-12.oe1.aarch64.rpm","python-rgw-12.2.8-12.oe1.aarch64.rpm","ceph-debuginfo-12.2.8-12.oe1.aarch64.rpm","ceph-fuse-12.2.8-12.oe1.aarch64.rpm","librbd1-12.2.8-12.oe1.aarch64.rpm","python3-cephfs-12.2.8-12.oe1.aarch64.rpm","ceph-common-12.2.8-12.oe1.aarch64.rpm","ceph-mds-12.2.8-12.oe1.aarch64.rpm","libcephfs2-12.2.8-12.oe1.aarch64.rpm","ceph-selinux-12.2.8-12.oe1.aarch64.rpm","python-cephfs-12.2.8-12.oe1.aarch64.rpm","ceph-resource-agents-12.2.8-12.oe1.aarch64.rpm","libradosstriper-devel-12.2.8-12.oe1.aarch64.rpm","librbd-devel-12.2.8-12.oe1.aarch64.rpm","python3-rgw-12.2.8-12.oe1.aarch64.rpm","python-rados-12.2.8-12.oe1.aarch64.rpm","libcephfs-devel-12.2.8-12.oe1.aarch64.rpm","rados-objclass-devel-12.2.8-12.oe1.aarch64.rpm","python3-rados-12.2.8-12.oe1.aarch64.rpm","python-rbd-12.2.8-12.oe1.aarch64.rpm","python3-ceph-argparse-12.2.8-12.oe1.aarch64.rpm","librados2-12.2.8-12.oe1.aarch64.rpm","ceph-12.2.8-12.oe1.aarch64.rpm","ceph-base-12.2.8-12.oe1.aarch64.rpm"],"src":["ceph-12.2.8-12.oe1.src.rpm"],"x86_64":["librgw2-12.2.8-12.oe1.x86_64.rpm","ceph-radosgw-12.2.8-12.oe1.x86_64.rpm","librados-devel-12.2.8-12.oe1.x86_64.rpm","ceph-osd-12.2.8-12.oe1.x86_64.rpm","ceph-mgr-12.2.8-12.oe1.x86_64.rpm","ceph-mon-12.2.8-12.oe1.x86_64.rpm","rbd-mirror-12.2.8-12.oe1.x86_64.rpm","librgw-devel-12.2.8-12.oe1.x86_64.rpm","rbd-nbd-12.2.8-12.oe1.x86_64.rpm","python3-rbd-12.2.8-12.oe1.x86_64.rpm","libradosstriper1-12.2.8-12.oe1.x86_64.rpm","ceph-debugsource-12.2.8-12.oe1.x86_64.rpm","python-ceph-compat-12.2.8-12.oe1.x86_64.rpm","ceph-test-12.2.8-12.oe1.x86_64.rpm","rbd-fuse-12.2.8-12.oe1.x86_64.rpm","python-rgw-12.2.8-12.oe1.x86_64.rpm","ceph-debuginfo-12.2.8-12.oe1.x86_64.rpm","ceph-fuse-12.2.8-12.oe1.x86_64.rpm","librbd1-12.2.8-12.oe1.x86_64.rpm","python3-cephfs-12.2.8-12.oe1.x86_64.rpm","ceph-common-12.2.8-12.oe1.x86_64.rpm","ceph-mds-12.2.8-12.oe1.x86_64.rpm","libcephfs2-12.2.8-12.oe1.x86_64.rpm","ceph-selinux-12.2.8-12.oe1.x86_64.rpm","python-cephfs-12.2.8-12.oe1.x86_64.rpm","ceph-resource-agents-12.2.8-12.oe1.x86_64.rpm","libradosstriper-devel-12.2.8-12.oe1.x86_64.rpm","librbd-devel-12.2.8-12.oe1.x86_64.rpm","python3-rgw-12.2.8-12.oe1.x86_64.rpm","python-rados-12.2.8-12.oe1.x86_64.rpm","libcephfs-devel-12.2.8-12.oe1.x86_64.rpm","rados-objclass-devel-12.2.8-12.oe1.x86_64.rpm","python3-rados-12.2.8-12.oe1.x86_64.rpm","python-rbd-12.2.8-12.oe1.x86_64.rpm","python3-ceph-argparse-12.2.8-12.oe1.x86_64.rpm","librados2-12.2.8-12.oe1.x86_64.rpm","ceph-12.2.8-12.oe1.x86_64.rpm","ceph-base-12.2.8-12.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1100"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25678"}],"database_specific":{"severity":"Medium"}}