oss-sec mailing list archives
CVE-2020-10762 gluster-block: information disclosure through world-readable gluster-block log files
From: Hardik Vyas <hvyas () redhat com>
Date: Wed, 30 Sep 2020 20:39:23 +0530
Hello,

An information-disclosure flaw was found in the way that gluster-block logs the output from gluster-block CLI operations. This includes recording passwords to the cmd_history.log file which is world-readable. This flaw allows local users to obtain sensitive information by reading the log file. The highest threat from this vulnerability is to data confidentiality.

CVE-2020-10762 has been assigned for this flaw.

Upstream PR: https://github.com/gluster/gluster-block/pull/280
Release: https://github.com/gluster/gluster-block/releases/tag/v0.5.1
Credit: Prasanna Kumar Kalever (Red Hat)

Thanks,
--
Hardik Vyas / Red Hat Product Security
BD48 C633 DE34 733A BBC3 3B72 8A14 AEBB D68B 9381
secalert () redhat com for urgent response
<https://www.redhat.com>
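An added example, not part of the original advisory or of the gluster-block code: a shell check for the condition described above. It lists world-readable files in a log directory, flags those containing credential-like text, and removes access for other users. The directory argument, the grep pattern and the sample log lines are constructed assumptions, not gluster-block's real path or log format.

```shell
#!/bin/sh
# Added example: audit a log directory for world-readable files.
# The directory is supplied by the caller; no gluster-block path is assumed.

# Print every regular file under $1 that has the "other" read bit set.
world_readable_logs() {
    find "$1" -type f -perm -0004 -print
}

# Print the world-readable files under $1 that also contain a line that looks
# like a credential. The pattern is a constructed heuristic, not the real
# cmd_history.log format.
exposed_secret_logs() {
    world_readable_logs "$1" | while IFS= read -r f; do
        if grep -Eiq 'pass(word|wd)?[ =:]' "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Remove all access for "other" from the files reported by the audit.
restrict_logs() {
    world_readable_logs "$1" | while IFS= read -r f; do
        chmod o-rwx "$f"
    done
}

# Demo on constructed sample data in a temporary directory.
demo_dir=$(mktemp -d)
( umask 022   # common default: new files are created 0644, readable by all
  printf 'constructed-cli-op password=EXAMPLE-ONLY\n' > "$demo_dir/cmd_history.log"
  printf 'daemon started\n' > "$demo_dir/other.log" )
chmod 600 "$demo_dir/other.log"

echo "world-readable before:"; world_readable_logs "$demo_dir"
echo "with credential-like text:"; exposed_secret_logs "$demo_dir"
restrict_logs "$demo_dir"
echo "world-readable after: $(world_readable_logs "$demo_dir" | wc -l)"
rm -rf "$demo_dir"
```

Tightening the mode only stops further reads by other local users; it does not remove passwords already written to the file.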