An information-disclosure flaw was found in the way that gluster-block prior to 0.5.1 logs the output from gluster-block CLI operations. This includes recording passwords to the cmd_history.log file which is world-readable. This flaw allows local users to obtain sensitive information by reading the log file. The highest threat from this vulnerability is to data confidentiality.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat gluster-block |