Vulnerability Name: CVE-2020-10763 (CCN-189163)
Assigned: 2020-09-30
Published: 2020-09-30
Updated: 2020-12-02
Summary: An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block passwords.
CVSS v3 Severity:
  5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
  4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
  4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
CVSS v2 Severity:
  2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
Vulnerability Type: CWE-532
Vulnerability Consequences: Obtain Information
References:
  Source: MITRE Type: CNA CVE-2020-10763
  Source: MISC Type: Issue Tracking, Third Party Advisory https://bugzilla.redhat.com/show_bug.cgi?id=1845387
  Source: XF Type: UNKNOWN heketi-cve202010763-info-disc(189163)
  Source: CCN Type: Heketi GIT Repository Fix CVE-2020-10763 #1790
  Source: MISC Type: Release Notes, Third Party Advisory https://github.com/heketi/heketi/releases/tag/v10.1.0
  Source: CCN Type: oss-sec Mailing List, Wed, 30 Sep 2020 20:40:59 +0530 CVE-2020-10763 heketi: gluster-block volume password details available in logs
  Source: CCN Type: WhiteSource Vulnerability Database CVE-2020-10763
Vulnerable Configuration:
  Configuration 1:
  Configuration 2:
  Denotes that component is vulnerable