CVE-2020-10763
Summary
| CVE | CVE-2020-10763 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-11-24 17:15:00 UTC |
| Updated | 2020-12-02 19:16:00 UTC |
| Description | An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block passwords. |
Risk And Classification
Problem Types: CWE-532
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Heketi Project | Heketi | All | All | All | All |
| Application | Heketi Project | Heketi | All | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.0 | All | All | All |
| Application | Redhat | Gluster Storage | 3.0 | All | All | All |
| Application | Redhat | Gluster Storage | 3.5 | All | All | All |
| Application | Redhat | Gluster Storage | 3.0 | All | All | All |
| Application | Redhat | Gluster Storage | 3.5 | All | All | All |
| Application | Redhat | Openshift Container Platform | 4.0 | All | All | All |
| Application | Redhat | Openshift Container Platform | 4.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 1845387 – (CVE-2020-10763) CVE-2020-10763 heketi: gluster-block volume password details available in logs | MISC | bugzilla.redhat.com | Issue Tracking, Third Party Advisory |
| Release Release 10.1 · heketi/heketi · GitHub | MISC | github.com | Release Notes, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.