CVE-2020-10762

An information-disclosure flaw was found in the way that gluster-block before 0.5.1 logs the output from gluster-block CLI operations. This includes recording passwords to the cmd_history.log file which is world-readable. This flaw allows local users to obtain sensitive information by reading the log file. The highest threat from this vulnerability is to data confidentiality.
References
Link Resource
https://github.com/gluster/gluster-block/releases/tag/v0.5.1 Release Notes Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1845067 Issue Tracking Mitigation Vendor Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:gluster-block:*:*:*:*:*:*:*:*

Information

Published : 2020-11-24 09:15

Updated : 2020-12-02 13:18


NVD link : CVE-2020-10762

Mitre link : CVE-2020-10762


JSON object : View

CWE
CWE-532

Insertion of Sensitive Information into Log File

Advertisement

dedicated server usa

Products Affected

redhat

  • gluster-block