CVSS3: 5.5 Medium
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS2: 2.1 Low
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.0005 Low
Percentile: 16.2%
Red Hat OpenShift Container Storage (OCS) is a provider of agnostic persistent storage for OpenShift Container Platform, either in-house or in a hybrid cloud. As a Red Hat storage solution, OCS is completely integrated with OpenShift Container Platform for deployment, management, and monitoring.
Security Fix(es):
gluster-block: information disclosure through world-readable gluster-block log files (CVE-2020-10762)
heketi: gluster-block volume password details available in logs (CVE-2020-10763)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
Earlier, the tcmu-runner did not give details about the file operations stuck at the backend glusterfs block hosting volume. With this change, the tcmu-runner is now able to log details about the file operations stuck at the backend glusterfs block hosting volume and this will help identify the root cause of the input/output errors easily. (BZ#1850361)
Earlier, there was no log rotation for gluster-block logs. With this release, log rotation is possible for gluster-block and tcmu-runner logs. (BZ#1850365)
Earlier, heketi did not track all the changes made to volumes as part of the device remove operation. With this release, heketi's device remove operation is fully tracked and is based on a series of brick evict operations, making the operation more reliable. (BZ#1850072)
An access flaw, CVE-2020-13867, was found in targetcli, due to which the files under the "/etc/target" and "/etc/target/backup" directories were widely accessible. With this release, the access flaw is fixed as a workaround in gluster-block to protect these files from any potential attack that accesses sensitive information, until the flaw is resolved and made available in targetcli. (BZ#1850077)
All Red Hat OpenShift Container Storage users are advised to upgrade to these updated packages.
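Both CVE-2020-10762 (world-readable gluster-block log files) and the CVE-2020-13867 workaround described above come down to the same condition: files holding sensitive data carrying a read bit for "other". The following shell script is an added example, not part of the Red Hat advisory or the gluster-block project; it audits a directory tree for files readable by "other" so an administrator can verify a host before and after applying the update. The demonstration directory and file names are constructed; on a real host the paths to check are /etc/target, /etc/target/backup and the gluster-block log directory (whose location is assumed here, as the advisory does not name it).

```shell
#!/bin/sh
# Added example (not the advisory's or the project's own code): list files under a
# directory that are readable by "other", which is the exposure behind
# CVE-2020-10762 and the /etc/target access flaw.
#
# Usage: world_readable_files DIR
#   prints one offending path per line
#   returns 0 when none are found, 1 when at least one is found, 2 on bad input

world_readable_files() {
    dir="$1"
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    # POSIX find: -perm -004 matches any regular file whose "other read" bit is set,
    # regardless of the remaining permission bits.
    found=$(find "$dir" -type f -perm -004 2>/dev/null)
    if [ -n "$found" ]; then
        printf '%s\n' "$found"
        return 1
    fi
    return 0
}

# Demonstration on a constructed directory standing in for /etc/target; the file
# names below are invented for the example.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/backup"
printf 'constructed config contents\n' > "$demo_dir/config.json"
printf 'constructed backup contents\n' > "$demo_dir/backup/config.json.old"
chmod 644 "$demo_dir/config.json"             # world-readable: should be flagged
chmod 600 "$demo_dir/backup/config.json.old"  # owner-only: should pass

if world_readable_files "$demo_dir"; then
    echo "no world-readable files under $demo_dir"
else
    echo "world-readable files found under $demo_dir (listed above)"
fi
# Remediation on a real host, once confirmed: chmod -R o-rwx on the affected
# directory, then re-run the check until it returns 0.
rm -rf "$demo_dir"
```

The check reports only regular files; directories with an "other execute" bit still allow traversal to files whose own mode permits reading, so the remediation step removes all "other" bits recursively rather than only the read bit on individual files.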
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | x86_64 | gluster-block-debuginfo | < 0.2.1-36.2.el7rhgs | gluster-block-debuginfo-0.2.1-36.2.el7rhgs.x86_64.rpm |
RedHat | 7 | x86_64 | libtcmu | < 1.2.0-32.2.el7rhgs | libtcmu-1.2.0-32.2.el7rhgs.x86_64.rpm |
RedHat | 7 | x86_64 | gluster-block | < 0.2.1-36.2.el7rhgs | gluster-block-0.2.1-36.2.el7rhgs.x86_64.rpm |
RedHat | 7 | x86_64 | heketi-client | < 9.0.0-9.5.el7rhgs | heketi-client-9.0.0-9.5.el7rhgs.x86_64.rpm |
RedHat | 7 | x86_64 | heketi | < 9.0.0-9.5.el7rhgs | heketi-9.0.0-9.5.el7rhgs.x86_64.rpm |
RedHat | 7 | x86_64 | tcmu-runner | < 1.2.0-32.2.el7rhgs | tcmu-runner-1.2.0-32.2.el7rhgs.x86_64.rpm |
RedHat | 7 | x86_64 | python-heketi | < 9.0.0-9.5.el7rhgs | python-heketi-9.0.0-9.5.el7rhgs.x86_64.rpm |
RedHat | 7 | x86_64 | tcmu-runner-debuginfo | < 1.2.0-32.2.el7rhgs | tcmu-runner-debuginfo-1.2.0-32.2.el7rhgs.x86_64.rpm |
RedHat | 7 | x86_64 | libtcmu-devel | < 1.2.0-32.2.el7rhgs | libtcmu-devel-1.2.0-32.2.el7rhgs.x86_64.rpm |