CVE-2020-10763

CWE-532 — Log File Information Exposure6 documents6 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 85.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Heketi/heketi Heketi Project Heketi Redhat Enterprise Linux +2 more

Timeline

PublishedNov 24

Latest updateMay 24

Description

An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block passwords.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶NVDheketi_project/heketi< 10.1.0

▶Gogithub.com/heketi/heketi< 10.1.0

▶CVEListV5heketiheketi 10.1.0

▶NVDredhat/gluster_storage3.0, 3.5+1

Also affects: Enterprise Linux 7.0, Openshift Container Platform 4.0

🔴Vulnerability Details

OSV

Heketi logs sensitive information↗2022-05-24

▶

GHSA

Heketi logs sensitive information↗2022-05-24

▶

CVEList

CVE-2020-10763: An information-disclosure flaw was found in the way Heketi before 10↗2020-11-24

▶

📋Vendor Advisories

Red Hat

heketi: gluster-block volume password details available in logs↗2020-09-30

▶

💬Community

Bugzilla

CVE-2020-10763 heketi: gluster-block volume password details available in logs↗2020-06-09

▶