Description
A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume.
References
- Issue Tracking, Patch
- Issue Tracking, Mitigation
- Issue Tracking, Patch
- Issue Tracking, Mitigation
Vulnerable configurations
EPSS
CVSS3: 6.3 Medium
CVSS2: 3.3 Low
Weaknesses
Related vulnerabilities
Openstack tripleo-heat-templates unauthenticated file access