github.com/heketi/heketi is vulnerable to information disclosure through insecure defaults. The application by default sets the /etc/heketi/heketi.json
as world readable, allowing a malicious user to access sensitive information contained in it such as passwords.