CVE-2020-10763
Heketi logs sensitive information
CVSS 3.1: 5.5 MEDIUM
EPSS 0.05%
Description
An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block passwords.
How to fix CVE-2020-10763
To remediate CVE-2020-10763, upgrade the affected package to a fixed version below.
- upgrade to 10.1.0 or later
Is CVE-2020-10763 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 10.1.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |