{"id":"MGASA-2021-0126","summary":"Updated ceph packages fix security vulnerabilities","details":"A flaw was found in Ceph where Ceph stores mgr module passwords in clear text.\nThis issue can be found by searching the mgr logs for Grafana and dashboard\nwith passwords visible. The highest threat from this vulnerability is to\nconfidentiality (CVE-2020-25678).\n\nA flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user\nauthentication is stored by the frontend application in the browser’s\nlocalStorage which is potentially vulnerable to attackers via XSS attacks. The\nhighest threat from this vulnerability is to data confidentiality and\nintegrity (CVE-2020-27839).\n","modified":"2026-04-16T00:11:40.317401525Z","published":"2021-03-12T01:25:47Z","upstream":["CVE-2020-25678","CVE-2020-27839"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0126.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=28538"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OQTBKVXVYP7GPQNZ5VASOIJHMLK7727M/"}],"affected":[{"package":{"name":"ceph","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/ceph?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"15.2.9-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0126.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}