Published: 24/11/2020 Updated: 02/12/2020

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

An information-disclosure flaw was found in the way Heketi prior to 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block passwords.

Vulnerable Product	Search on Vulmon	Subscribe to Product
heketi project heketi
redhat gluster storage 3.0
redhat gluster storage 3.5
redhat openshift container platform 4.0
redhat enterprise linux 7.0

Synopsis Moderate: OCS 311z async security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic Updated OpenShift Container Storage packages fixing various security issues and other bugs are now available for Red Hat OpenShift Container Storage with 311z Async updateRed Hat ...

oss-sec mailing list archives   By Date By Thread </form>    CVE-2020-10763 heketi: gluster-block volume password details available in logs  <!--X-Head-of-Messa ...

CWE-532 https://github.com/heketi/heketi/releases/tag/v10.1.0 https://bugzilla.redhat.com/show_bug.cgi?id=1845387 https://access.redhat.com/errata/RHSA-2020:4143 https://nvd.nist.gov

CVE-2020-10763

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Mailing Lists

References

Vulmon Search

About

Products

Connect