CVE-2020-10763: Inclusion of Sensitive Information in Log Files

November 24, 2020 (updated December 2, 2020)

An information-disclosure flaw was found in the way Heketi logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block passwords.

References

bugzilla.redhat.com/show_bug.cgi?id=1845387
nvd.nist.gov/vuln/detail/CVE-2020-10763

Code Behaviors & Features

Detect and mitigate CVE-2020-10763 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →