CVE-2020-10762
24.11.2020, 17:15
An information-disclosure flaw was found in the way that gluster-block before 0.5.1 logs the output from gluster-block CLI operations. This includes recording passwords to the cmd_history.log file which is world-readable. This flaw allows local users to obtain sensitive information by reading the log file. The highest threat from this vulnerability is to data confidentiality.Enginsight
| Vendor | Product | Version |
|---|---|---|
| redhat | gluster-block | 𝑥 < 0.5.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-732 - Incorrect Permission Assignment for Critical ResourceThe product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
- CWE-532 - Insertion of Sensitive Information into Log FileInformation written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.