CVE-2017-15104

Опубликовано: 18 дек. 2017

Источник: nvd

CVSS3: 7.8

CVSS2: 2.1

EPSS Низкий

Описание

An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file.

Ссылки

https://access.redhat.com/errata/RHSA-2017:3481
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2017-15104
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1510149
Issue Tracking
Third Party Advisory
https://github.com/heketi/heketi/releases/tag/v5.0.1
Release Notes
https://access.redhat.com/errata/RHSA-2017:3481
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2017-15104
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1510149
Issue Tracking
Third Party Advisory
https://github.com/heketi/heketi/releases/tag/v5.0.1
Release Notes

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:heketi_project:heketi:5.0.0:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 25%

0.00085

Низкий

7.8 High

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-552

CWE-200

Связанные уязвимости

CVE-2017-15104

CVSS3: 5.5

redhat

около 8 лет назад

CVE-2017-15104

CVSS3: 7.8

debian

около 8 лет назад

An access flaw was found in Heketi 5, where the heketi.json configurat ...

GHSA-q9vw-wr57-xjv3

CVSS3: 7.8

github

почти 4 года назад

Information Exposure in Heketi

EPSS

Процентиль: 25%

0.00085

Низкий

7.8 High

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-552

CWE-200