Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1ybTdjLXg2Z2otMm1yOM4AAmtK
Heketi logs sensitive information
An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block passwords.
Permalink: https://github.com/advisories/GHSA-rm7c-x6gj-2mr8
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ybTdjLXg2Z2otMm1yOM4AAmtK
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 10 days ago
CVSS Score: 5.5
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-rm7c-x6gj-2mr8, CVE-2020-10763
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-10763
- https://bugzilla.redhat.com/show_bug.cgi?id=1845387
- https://github.com/heketi/heketi/releases/tag/v10.1.0
- https://github.com/heketi/heketi/commit/be1583833924e62d2581824a0addcba0aed33c99
- https://github.com/advisories/GHSA-rm7c-x6gj-2mr8
Blast Radius: 19.3
Affected Packages
go:github.com/heketi/heketi
Dependent packages: 252
Dependent repositories: 3,197
Downloads:
Affected Version Ranges: < 10.1.0
Fixed in: 10.1.0
All affected versions: 2.0.6, 3.0.0, 3.1.0, 4.0.0, 5.0.0, 5.0.1, 6.0.0, 7.0.0, 8.0.0, 9.0.0, 10.0.0
All unaffected versions: 10.1.0, 10.2.0, 10.3.0