CVE-2020-25660

🗓️ 23 Nov 2020 21:18:28Reported by redhatType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 301 Views

Cephx authentication protocol in versions before 15.2.6 and 14.2.14 allows replay attack

Reporter	Title	Published	Views	Family All 51
AlpineLinux	CVE-2020-25660	23 Nov 202021:18	–	alpinelinux
ArchLinux	[ASA-202011-22] ceph: multiple issues	26 Nov 202000:00	–	archlinux
Circl	CVE-2020-25660	24 Nov 202000:46	–	circl
CNNVD	Red Hat Ceph Security Vulnerability	17 Nov 202000:00	–	cnnvd
Cvelist	CVE-2020-25660	23 Nov 202021:18	–	cvelist
Debian CVE	CVE-2020-25660	23 Nov 202021:18	–	debiancve
EUVD	EUVD-2020-18322	7 Oct 202500:30	–	euvd
Fedora	[SECURITY] Fedora 33 Update: ceph-15.2.7-1.fc33	10 Dec 202001:16	–	fedora
Tenable Nessus	Fedora 33 : 2:ceph (2020-a8f1120195)	10 Dec 202000:00	–	nessus
Tenable Nessus	GLSA-202105-39 : Ceph: Multiple vulnerabilities	24 Jan 202200:00	–	nessus

NVD

Vulners

Node

redhat cephRange<14.2.14

redhat cephRange15.0.0–15.2.6

Node

redhat ceph_storageMatch2.0

redhat ceph_storageMatch4.0

redhat openshift_container_platformMatch4.0

Node

fedoraproject fedoraMatch33

[
  {
    "product": "ceph",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "All ceph versions before 15.2.6 and before 14.2.14"
      }
    ]
  }
]

Source	Link
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
ceph	www.ceph.io/community/v15-2-6-octopus-released/
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBC4KZ44QUQENTYZPVHORGL4K2KV5V4F/
ceph	www.ceph.io/releases/v14-2-14-nautilus-released/
security	www.security.gentoo.org/glsa/202105-39

21 Nov 2024 05:18Current

6.9Medium risk

Vulners AI Score6.9

CVSS 25.8

CVSS 3.18.8

EPSS0.00191

CWE-294