CVE-2020-10763
First published: Tue Jun 09 2020(Updated: )
An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block passwords.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/heketi | <0:9.0.0-9.5.el7 | 0:9.0.0-9.5.el7 |
| redhat/gluster-block | <0:0.2.1-36.2.el7 | 0:0.2.1-36.2.el7 |
| redhat/tcmu-runner | <0:1.2.0-32.2.el7 | 0:1.2.0-32.2.el7 |
| Heketi Project Heketi | <10.1.0 | |
| Redhat Gluster Storage | =3.0 | |
| Redhat Gluster Storage | =3.5 | |
| Redhat Openshift Container Platform | =4.0 | |
| Redhat Enterprise Linux | =7.0 | |
| redhat/heketi | <10.1.0 | 10.1.0 |
| go/github.com/heketi/heketi | <10.1.0 | 10.1.0 |
Remedy
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2020-10763 https://nvd.nist.gov/vuln/detail/CVE-2020-10763 https://github.com/heketi/heketi/releases/tag/v10.1.0
- https://bugzilla.redhat.com/show_bug.cgi?id=1845387
- https://access.redhat.com/errata/RHSA-2020:4143
- https://access.redhat.com/errata/RHSA-2020:5633
- https://access.redhat.com/security/cve/cve-2020-10763
- https://github.com/heketi/heketi/releases/tag/v10.1.0
- https://github.com/openshift/external-storage/blob/34efc4c2dc0f7032db94b760a9c563ef914cd285/Gopkg.lock#L325
- https://github.com/heketi/heketi/pull/1790
- https://nvd.nist.gov/vuln/detail/CVE-2020-10763
- https://github.com/heketi/heketi/commit/be1583833924e62d2581824a0addcba0aed33c99
- https://github.com/advisories/GHSA-rm7c-x6gj-2mr8 (Advisory)
Frequently Asked Questions
What is CVE-2020-10763?
CVE-2020-10763 is an information-disclosure vulnerability found in Heketi before 10.1.0 that allows an attacker with local access to the Heketi server to read potentially sensitive information.
How does CVE-2020-10763 impact Heketi?
CVE-2020-10763 impacts Heketi by allowing an attacker with local access to the server to read sensitive information, such as gluster-block passwords.
What is the severity of CVE-2020-10763?
CVE-2020-10763 has a severity rating of medium with a CVSS score of 5.5.
How can I fix CVE-2020-10763?
To fix CVE-2020-10763, update Heketi to version 10.1.0 or later.
Where can I find more information about CVE-2020-10763?
You can find more information about CVE-2020-10763 on the official CVE website, NIST NVD, and the GitHub page for Heketi.
- collector/redhat-cve
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/severity
- agent/remedy
- agent/weakness
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-10763
- agent/software-canonical-lookup
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-rm7c-x6gj-2mr8
- agent/last-modified-date
- agent/references
- agent/softwarecombine
- agent/event
- agent/description
- collector/nvd-cve
- source/NVD
- agent/author
- agent/tags
- collector/github-advisory
- package-manager/redhat
- vendor/heketi project
- canonical/heketi project heketi
- vendor/redhat
- canonical/redhat gluster storage
- version/redhat gluster storage/3.0
- version/redhat gluster storage/3.5
- canonical/redhat openshift container platform
- version/redhat openshift container platform/4.0
- canonical/redhat enterprise linux
- version/redhat enterprise linux/7.0
- package-manager/go