CVE-2020-10762 gluster-block: information disclosure through world-readable gluster-block log files

[Hardik Vyas <hvyas () redhat com>]

Hello,

An information-disclosure flaw was found in the way that gluster-block
logs the output from gluster-block CLI operations. This includes recording
passwords to the cmd_history.log file which is world-readable. This flaw
allows local users to obtain sensitive information by reading the log file.
The highest threat from this vulnerability is to data confidentiality.

CVE-2020-10762 has been assigned for this flaw.

Upstream PR: https://github.com/gluster/gluster-block/pull/280
Release: https://github.com/gluster/gluster-block/releases/tag/v0.5.1

Credit: Prasanna Kumar Kalever (Red Hat)

Thanks,
-- 

Hardik Vyas / Red Hat Product Security

BD48 C633 DE34 733A BBC3  3B72 8A14 AEBB D68B 9381
secalert () redhat com for urgent response
<https://www.redhat.com>