Home > Vulnerability Database > CVE-2020-10763

Mend.io Vulnerability Database

CVE-2020-10763

Good to know:

Date: November 24, 2020

An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block passwords. https:show_bug.cgi?id=1845387

Language: Go

Severity Score

5.5

Related Resources (5)

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1845387

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-10763

Url: https://github.com/heketi/heketi/commit/be1583833924e62d2581824a0addcba0aed33c99

Url: https://github.com/heketi/heketi/releases/tag/v10.1.0

Url: https://www.mend.io/vulnerability-database/CVE-2020-10763

Severity Score

5.5

Weakness Type (CWE)

Insertion of Sensitive Information into Log File

CWE-532

Top Fix

Upgrade Version

Upgrade to version github.com/heketi/heketi - v10.1.0

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	2.1
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-10763

Good to know:

Date: November 24, 2020

Language: Go

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?