Описание
An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block passwords.
Ссылки
- Issue TrackingThird Party Advisory
- Release NotesThird Party Advisory
- Issue TrackingThird Party Advisory
- Release NotesThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 10.1.0 (исключая)
cpe:2.3:a:heketi_project:heketi:*:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:a:redhat:gluster_storage:3.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:gluster_storage:3.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
EPSS
Процентиль: 15%
0.00048
Низкий
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-532
CWE-532
Связанные уязвимости
CVSS3: 5.5
redhat
больше 5 лет назад
An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block passwords.
CVSS3: 5.5
debian
около 5 лет назад
An information-disclosure flaw was found in the way Heketi before 10.1 ...
EPSS
Процентиль: 15%
0.00048
Низкий
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-532
CWE-532