exploitDog

GHSA-rqwx-x2jv-r288

Опубликовано: 13 мая 2022

Источник: github

Github: Не прошло ревью

Описание

The _UpgradeBeforeConfigurationChange function in lib/client/gnt_cluster.py in Ganeti 2.10.0 before 2.10.7 and 2.11.0 before 2.11.5 uses world-readable permissions for the configuration backup file, which allows local users to obtain SSL keys, remote API credentials, and other sensitive information by reading the file, related to the upgrade command.

The _UpgradeBeforeConfigurationChange function in lib/client/gnt_cluster.py in Ganeti 2.10.0 before 2.10.7 and 2.11.0 before 2.11.5 uses world-readable permissions for the configuration backup file, which allows local users to obtain SSL keys, remote API credentials, and other sensitive information by reading the file, related to the upgrade command.

Ссылки

EPSS

Процентиль: 21%

0.00068

Низкий

CVE ID

Связанные уязвимости

CVE-2014-5247

ubuntu

больше 11 лет назад

The _UpgradeBeforeConfigurationChange function in lib/client/gnt_cluster.py in Ganeti 2.10.0 before 2.10.7 and 2.11.0 before 2.11.5 uses world-readable permissions for the configuration backup file, which allows local users to obtain SSL keys, remote API credentials, and other sensitive information by reading the file, related to the upgrade command.

CVE-2014-5247

nvd

больше 11 лет назад

The _UpgradeBeforeConfigurationChange function in lib/client/gnt_cluster.py in Ganeti 2.10.0 before 2.10.7 and 2.11.0 before 2.11.5 uses world-readable permissions for the configuration backup file, which allows local users to obtain SSL keys, remote API credentials, and other sensitive information by reading the file, related to the upgrade command.

CVE-2014-5247

debian

больше 11 лет назад

The _UpgradeBeforeConfigurationChange function in lib/client/gnt_clust ...

EPSS

Процентиль: 21%

0.00068

Низкий

CVE ID