Hello,
An information-disclosure flaw was found in the way that gluster-block
logs the output from gluster-block CLI operations. This includes recording
passwords to the cmd_history.log file which is world-readable. This flaw
allows local users to obtain sensitive information by reading the log file.
The highest threat from this vulnerability is to data confidentiality.
CVE-2020-10762 has been assigned for this flaw.
Upstream PR: https://github.com/gluster/gluster-block/pull/280
Release: https://github.com/gluster/gluster-block/releases/tag/v0.5.1
Credit: Prasanna Kumar Kalever (Red Hat)
Thanks,
--
Hardik Vyas / Red Hat Product Security
BD48 C633 DE34 733A BBC3 3B72 8A14 AEBB D68B 9381
secalert () redhat com for urgent response
<https://www.redhat.com>