CVE-2020-10763

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-10763

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-10763.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-10763

Aliases

GHSA-rm7c-x6gj-2mr8

Published

2020-11-24T17:15:10Z

Modified

2025-01-08T06:38:59.883601Z

Downstream

RHSA-2020:4143

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block passwords.

References

Affected packages

Git / github.com/heketi/heketi

Affected ranges

Type: GIT
Repo: https://github.com/heketi/heketi
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

dd067b719bc7e5de47bf9d76dbe7fe43b82ab85c

Affected versions

1.*

1.0.0

v0.*

v0.1

v0.2

v0.3

v0.4

v0.5

v1.*

v1.1.0-dev

v1.2.0-dev

v1.3.0-dev

v1.4.0-dev

v10.*

v10.0.0

v2.*

v2.0.0rc1

v2.0.1-dev

v2.0.2-dev

v2.0.3-dev

v2.0.4-dev

v2.0.5-dev

v2.0.6

v2.1.0-dev

v3.*

v3.0.0

v4.*

v4.0.0

v5.*

v5.0.0

v6.*

v6.0.0

v7.*

v7.0.0

v8.*

v8.0.0

v9.*

v9.0.0