Описание
Information Exposure in Heketi
An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2017-15104
- https://github.com/heketi/heketi/commit/787bae461b23003a4daa4d1d639016a754cf6b00
- https://access.redhat.com/errata/RHSA-2017:3481
- https://access.redhat.com/security/cve/CVE-2017-15104
- https://bugzilla.redhat.com/show_bug.cgi?id=1510149
- https://github.com/heketi/heketi/releases/tag/v5.0.1
Пакеты
github.com/heketi/heketi
< 5.0.1
5.0.1
Связанные уязвимости
An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file.
An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file.
An access flaw was found in Heketi 5, where the heketi.json configurat ...