CVE-2020-10763

Published: Nov 24, 2020Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block passwords.

Affected (5)

Products: Heketi Project: Heketi · Redhat: Enterprise Linux, Gluster Storage, Openshift Container Platform

1 product

3 products

Openshift Container Platform

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Heketi Project Heketi	Before 10.1.0

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 7.0
Redhat Gluster Storage	Version 3.0
Redhat Gluster Storage	Version 3.5
Redhat Openshift Container Platform	Version 4.0

Related CWEs

CWE-532

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (4)

https://bugzilla.redhat.com/show_bug.cgi?id=1845387

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://github.com/heketi/heketi/releases/tag/v10.1.0

Source: secalert@redhat.com

Release NotesThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1845387

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://github.com/heketi/heketi/releases/tag/v10.1.0

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

Timeline

No history available yet.