A vulnerability was found in ceph-ansible, where hard-coded passwords were found in roles/ceph-defaults/defaults/main.yml. Reference: https://github.com/ceph/ceph-ansible/blob/bb3eae0c8033dc0ffbee44f490f6ad483bd109b9/roles/ceph-defaults/defaults/main.yml
Upstream fix: https://github.com/ceph/ceph-ansible/pull/4998
Mitigation: Change and use strong passwords in ceph-ansible playbook
- https://github.com/ceph/ceph-ansible/blob/v4.0.14/roles/ceph-defaults/defaults/main.yml#L701
- https://github.com/ceph/ceph-ansible/blob/v4.0.14/roles/ceph-defaults/defaults/main.yml#L711
Acknowledgments: Name: Sarthak Srivastava
Statement: The version of ceph-ansible included in Red Hat OpenStack 15 was temporary; OpenStack 15 installations will consume updates to this package from Ceph channels.
Created ceph-ansible tracking bugs for this issue: Affects: fedora-30 [bug 1813137]
This issue has been addressed in the following products:
Red Hat Ceph Storage 4.1 via RHSA-2020:2231 https://access.redhat.com/errata/RHSA-2020:2231
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-1716