
Prasanna Kumar Kalever

Researcher from Red Hat
#21748 of 53,633
11 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2020-12316
5.5
2020-11-24
Red Hat · Gluster-Block · CVE-2020-10762
**Name of the Vulnerable Software and Affected Versions** gluster-block versions prior to 0.5.1

**Description** An information-disclosure flaw was found in the way that gluster-block logs the output from gluster-block CLI operations, including recording passwords to the `cmd_history.log` file, which is world-readable. This flaw allows local users to obtain sensitive information by reading the log file. The highest threat from this vulnerability is to data confidentiality.

**Recommendations** For versions prior to 0.5.1, update to version 0.5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `cmd_history.log` file to minimize the risk of exploitation.
PT-2020-12317
5.5
2020-11-24
Gluster · Heketi · CVE-2020-10763
**Name of the Vulnerable Software and Affected Versions** Heketi versions prior to 10.1.0

**Description** An information-disclosure flaw was found in the way Heketi logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block passwords.

**Recommendations** For versions prior to 10.1.0, update to version 10.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Heketi server logs to minimize the risk of exploitation.