x/vulndb: potential Go vuln in github.com/heketi/heketi: CVE-2020-10763

[tatianab]

CVE-2020-10763 references github.com/heketi/heketi, which may be a Go module.

Description:
An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block passwords.

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2020-10763
• web: https://bugzilla.redhat.com/show_bug.cgi?id=1845387
• web: https://github.com/heketi/heketi/releases/tag/v10.1.0
• Imported by: https://pkg.go.dev/github.com/heketi/heketi?tab=importedby

Cross references:

• Module github.com/heketi/heketi appears in issue x/vulndb: potential Go vuln in github.com/heketi/heketi: GHSA-q9vw-wr57-xjv3 #866 NOT_IMPORTABLE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/heketi/heketi
      vulnerable_at: 9.0.0+incompatible
      packages:
        - package: heketi
cves:
    - CVE-2020-10763
references:
    - web: https://bugzilla.redhat.com/show_bug.cgi?id=1845387
    - web: https://github.com/heketi/heketi/releases/tag/v10.1.0

[gopherbot]

Change https://go.dev/cl/540721 mentions this issue: data/excluded: batch add 135 excluded reports