{"id":"CVE-2020-25677","details":"A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. This flaw allows any user on the system to read sensitive information within this file. The highest threat from this vulnerability is to confidentiality.","modified":"2026-03-13T00:37:02.130121Z","published":"2020-12-08T01:15:12.070Z","references":[{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1892108"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ceph/ceph-ansible","events":[{"introduced":"0"},{"last_affected":"d14723d5b47be85f05e3a8febb04aeddbf62b5c9"},{"introduced":"0"},{"last_affected":"f6d1be269f204f1e62f47385f1b74666d2ffbf34"},{"introduced":"0"},{"last_affected":"13ca0531d8b27d1a32ed8309dd9a1a3563199e30"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.0.41"},{"introduced":"0"},{"last_affected":"3.0"},{"introduced":"0"},{"last_affected":"4.0"}]}}],"versions":["beta-3.1.0","v1.0.0","v1.0.1","v1.0.2","v1.0.3","v1.0.4","v1.0.5","v1.0.6","v1.0.7","v1.0.8","v1.04","v2.0","v2.0.0","v2.1.0","v2.2.0","v2.2.0rc1","v2.3.0rc1","v2.3.0rc2","v2.3.0rc3","v2.3.0rc4","v2.3.0rc5","v3.0.0","v3.0.0rc1","v3.0.0rc10","v3.0.0rc11","v3.0.0rc12","v3.0.0rc13","v3.0.0rc14","v3.0.0rc15","v3.0.0rc16","v3.0.0rc17","v3.0.0rc18","v3.0.0rc19","v3.0.0rc2","v3.0.0rc3","v3.0.0rc4","v3.0.0rc5","v3.0.0rc6","v3.0.0rc7","v3.0.0rc8","v3.0.0rc9","v3.1.0beta2","v3.1.0beta3","v3.1.0beta4","v3.1.0beta5","v3.1.0beta6","v3.1.0beta7","v3.1.0beta8","v3.1.0beta9","v3.1.0rc1","v3.1.0rc2","v3.2.0beta1","v3.2.0beta2","v3.2.0beta3","v3.2.0beta4","v3.2.0beta5","v3.2.0beta6","v3.2.0beta7","v3.2.0beta8","v3.2.0beta9","v4.0.0","v4.0.0beta1","v4.0.0rc1","v4.0.0rc10","v4.0.0rc11","v4.0.0rc12","v4.0.0rc13","v4.0.0rc14","v4.0.0rc15","v4.0.0rc16","v4.0.0rc2","v4.0.0rc3","v4.0.0rc4","v4.0.0rc5","v4.0.0rc6","v4.0.0rc7","v4.0.0rc8","v4.0.0rc9","v4.0.1","v4.0.10","v4.0.11","v4.0.12","v4.0.13","v4.0.14","v4.0.15","v4.0.16","v4.0.17","v4.0.18","v4.0.19","v4.0.2","v4.0.20","v4.0.21","v4.0.22","v4.0.23","v4.0.24","v4.0.25","v4.0.26","v4.0.27","v4.0.28","v4.0.29","v4.0.3","v4.0.30","v4.0.31","v4.0.32","v4.0.33","v4.0.34","v4.0.35","v4.0.36","v4.0.37","v4.0.38","v4.0.39","v4.0.4","v4.0.40","v4.0.41","v4.0.5","v4.0.6","v4.0.7","v4.0.8","v4.0.9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-25677.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}