
CVE-2020-10763

Published: 30 Sep 2020
Source: redhat
CVSS3: 5.5
EPSS: Low

Description

An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block passwords.

An information-disclosure flaw was found in the way Heketi logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information, such as gluster-block passwords.

Report

The version of heketi shipped with Red Hat Gluster Storage 3 does not filter out gluster-block volume passwords and is therefore affected by this vulnerability.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat OpenShift Container Platform 3.11 | atomic-openshift | Not affected | | |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-efs-provisioner-rhel7 | Not affected | | |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-hyperkube-rhel9 | Will not fix | | |
| Native Client for RHEL 7 for Red Hat Storage | heketi | Fixed | RHSA-2020:4143 | 30.09.2020 |
| Red Hat Gluster Storage 3.5 for RHEL 7 | gluster-block | Fixed | RHSA-2020:4143 | 30.09.2020 |
| Red Hat Gluster Storage 3.5 for RHEL 7 | heketi | Fixed | RHSA-2020:4143 | 30.09.2020 |
| Red Hat Gluster Storage 3.5 for RHEL 7 | tcmu-runner | Fixed | RHSA-2020:4143 | 30.09.2020 |
| Red Hat OpenShift Container Platform 4.7 | openshift4/ose-cluster-autoscaler | Fixed | RHSA-2020:5633 | 24.02.2021 |

Additional information

Status: Moderate
Defect: CWE-532
https://bugzilla.redhat.com/show_bug.cgi?id=1845387 (heketi: gluster-block volume password details available in logs)

EPSS: 0.00048 (percentile: 15%), Low

CVSS3: 5.5 Medium

Related vulnerabilities

CVSS3: 5.5
nvd
about 5 years ago

An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block passwords.

CVSS3: 5.5
debian
about 5 years ago

An information-disclosure flaw was found in the way Heketi before 10.1 ...

CVSS3: 5.5
github
more than 3 years ago

Heketi logs sensitive information
