A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. This flaw allows any user on the system to read sensitive information within this file. The highest threat from this vulnerability is to confidentiality.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25677
Reference (s):
- https://bugzilla.redhat.com/show_bug.cgi?id=1892108
- URL: https://bugzilla.redhat.com/show_bug.cgi?id=1892108