PT-2020-12317 · Gluster · Heketi

Prasanna Kumar Kalever · Published 2020-11-24 · Updated 2022-05-24 · CVE-2020-10763

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Heketi versions prior to 10.1.0

Description

An information-disclosure flaw was found in the way Heketi logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block passwords.

Recommendations

For versions prior to 10.1.0, update to version 10.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Heketi server logs to minimize the risk of exploitation.

Fix

Insertion into Log File

Weakness Enumeration

Related Identifiers

CVE-2020-10763
GHSA-RM7C-X6GJ-2MR8
RHSA-2020:4143

Affected Products

Heketi