Description
An information-disclosure flaw was found in the way that gluster-block before 0.5.1 logs the output from gluster-block CLI operations. This includes recording passwords to the cmd_history.log file which is world-readable. This flaw allows local users to obtain sensitive information by reading the log file. The highest threat from this vulnerability is to data confidentiality.
References (2)
Core 2
Core References
Issue Tracking, Mitigation, Vendor Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1845067
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/gluster/gluster-block/releases/tag/v0.5.1
Scores
CVSS v3
5.5
EPSS
0.0003
EPSS Percentile
8.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-532
CWE-732
Status
published
Products (1)
redhat/gluster-block
< 0.5.1
Published
Nov 24, 2020
Tracked Since
Feb 18, 2026