Ceph Ceph-Ansible vulnerabilities

CVE-2020-1716 [HIGH] CWE-798 CVE-2020-1716: A flaw was found in the ceph-ansible playbook where it contained hardcoded passwords that were being A flaw was found in the ceph-ansible playbook where it contained hardcoded passwords that were being used as default passwords while deploying Ceph services. Any authenticated attacker can abuse this flaw to brute-force Ceph deployments, and gain administrator access to Ceph clusters via the Ceph dashboard to initiate read, write, and delete Ceph cluste

CVE-2020-25677 [MEDIUM] CWE-312 CVE-2020-25677: A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insec A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. This flaw allows any user on the system to read sensitive information within this file. The highest threat from this vulnerability is to confidentiality.