Home > Vulnerability Database > CVE-2020-1716

Mend.io Vulnerability Database

CVE-2020-1716

Good to know:

Date: May 28, 2021

A flaw was found in the ceph-ansible playbook where it contained hardcoded passwords that were being used as default passwords while deploying Ceph services. Any authenticated attacker can abuse this flaw to brute-force Ceph deployments, and gain administrator access to Ceph clusters via the Ceph dashboard to initiate read, write, and delete Ceph clusters and also modify Ceph cluster configurations. Versions before ceph-ansible 6.0.0alpha1 are affected.

Language: Python

Severity Score

8.8

Related Resources (4)

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1795592

Url: https://github.com/ceph/ceph-ansible/commit/8c3759f8ce04a4c2df673290197ef12fe98d992a

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-1716

Url: https://www.mend.io/vulnerability-database/CVE-2020-1716

Severity Score

8.8

Weakness Type (CWE)

Use of Hard-coded Credentials

CWE-798

Top Fix

Upgrade Version

Upgrade to version https://github.com/ceph/ceph-ansible/commit/8c3759f8ce04a4c2df673290197ef12fe98d992a

Learn More

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	9.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-1716

Good to know:

Date: May 28, 2021

Language: Python

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?