An information-disclosure flaw was found in the way that gluster-block before 0.5.1 logs the output from gluster-block CLI operations. This includes recording passwords to the cmd_history.log file which is world-readable. This flaw allows local users to obtain sensitive information by reading the log file. The highest threat from this vulnerability is to data confidentiality.
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Gluster-block | Redhat | * | 0.5.1 (excluding) |
Native Client for RHEL 7 for Red Hat Storage | RedHat | heketi-0:9.0.0-9.5.el7rhgs | * |
Red Hat Gluster Storage 3.5 for RHEL 7 | RedHat | gluster-block-0:0.2.1-36.2.el7rhgs | * |
Red Hat Gluster Storage 3.5 for RHEL 7 | RedHat | heketi-0:9.0.0-9.5.el7rhgs | * |
Red Hat Gluster Storage 3.5 for RHEL 7 | RedHat | tcmu-runner-0:1.2.0-32.2.el7rhgs | * |