Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-5247

Опубликовано: 29 авг. 2014
Источник: nvd
CVSS2: 2.1
EPSS Низкий

Описание

The _UpgradeBeforeConfigurationChange function in lib/client/gnt_cluster.py in Ganeti 2.10.0 before 2.10.7 and 2.11.0 before 2.11.5 uses world-readable permissions for the configuration backup file, which allows local users to obtain SSL keys, remote API credentials, and other sensitive information by reading the file, related to the upgrade command.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:spi-inc:ganeti:2.10.0:*:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.10.0:beta1:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.10.0:rc1:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.10.0:rc2:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.10.0:rc3:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.10.1:*:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.10.2:*:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.10.3:*:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.10.4:*:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.10.5:*:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.10.6:*:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.11.0:*:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.11.0:beta1:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.11.0:rc1:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.11.1:*:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.11.2:*:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.11.3:*:*:*:*:*:*:*
cpe:2.3:a:spi-inc:ganeti:2.11.4:*:*:*:*:*:*:*

EPSS

Процентиль: 21%
0.00068
Низкий

2.1 Low

CVSS2

Дефекты

CWE-264

Связанные уязвимости

ubuntu логотип

CVE-2014-5247

ubuntu
больше 11 лет назад

The _UpgradeBeforeConfigurationChange function in lib/client/gnt_cluster.py in Ganeti 2.10.0 before 2.10.7 and 2.11.0 before 2.11.5 uses world-readable permissions for the configuration backup file, which allows local users to obtain SSL keys, remote API credentials, and other sensitive information by reading the file, related to the upgrade command.

debian логотип

CVE-2014-5247

debian
больше 11 лет назад

The _UpgradeBeforeConfigurationChange function in lib/client/gnt_clust ...

github логотип

GHSA-rqwx-x2jv-r288

github
больше 3 лет назад

The _UpgradeBeforeConfigurationChange function in lib/client/gnt_cluster.py in Ganeti 2.10.0 before 2.10.7 and 2.11.0 before 2.11.5 uses world-readable permissions for the configuration backup file, which allows local users to obtain SSL keys, remote API credentials, and other sensitive information by reading the file, related to the upgrade command.

EPSS

Процентиль: 21%
0.00068
Низкий

2.1 Low

CVSS2

Дефекты

CWE-264