Vulnerability Description
An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block passwords.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Heketi Project | Heketi | < 10.1.0 |
| Redhat | Gluster Storage | 3.0 |
| Redhat | Openshift Container Platform | 4.0 |
| Redhat | Enterprise Linux | 7.0 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1845387Issue TrackingThird Party Advisory
- https://github.com/heketi/heketi/releases/tag/v10.1.0Release NotesThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1845387Issue TrackingThird Party Advisory
- https://github.com/heketi/heketi/releases/tag/v10.1.0Release NotesThird Party Advisory
FAQ
What is CVE-2020-10763?
CVE-2020-10763 is a vulnerability with a CVSS score of 5.5 (MEDIUM). An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive i...
How severe is CVE-2020-10763?
CVE-2020-10763 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-10763?
Check the references section above for vendor advisories and patch information. Affected products include: Heketi Project Heketi, Redhat Gluster Storage, Redhat Openshift Container Platform, Redhat Enterprise Linux.