CVE-2017-2621

Опубликовано: 15 фев. 2017

Источник: redhat

CVSS3: 5.9

EPSS Низкий

Описание

An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.

An access-control flaw was found in the OpenStack Orchestration (heat) service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)	openstack-heat	Not affected
Red Hat Enterprise Linux OpenStack Platform 6 (Juno)	openstack-heat	Not affected
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)	openstack-heat	Not affected
Red Hat OpenStack Platform 11 (Ocata)	openstack-heat	Not affected
Red Hat OpenStack Platform 8 (Liberty)	openstack-heat	Not affected
Red Hat OpenStack Platform 10.0 (Newton)	openstack-heat	Fixed	RHSA-2017:1243	17.05.2017
Red Hat OpenStack Platform 9.0 (Mitaka)	openstack-heat	Fixed	RHSA-2017:1464	14.06.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-552

https://bugzilla.redhat.com/show_bug.cgi?id=1420990openstack-heat: /var/log/heat/ is world readable

EPSS

Процентиль: 22%

0.00072

Низкий

5.9 Medium

CVSS3

Связанные уязвимости

CVE-2017-2621

CVSS3: 5.5

ubuntu

больше 7 лет назад

CVE-2017-2621

CVSS3: 5.5

nvd

больше 7 лет назад

CVE-2017-2621

CVSS3: 5.5

debian

больше 7 лет назад

An access-control flaw was found in the OpenStack Orchestration (heat) ...

GHSA-93f2-xp2g-gqxp

CVSS3: 5.5

github

почти 4 года назад

EPSS

Процентиль: 22%

0.00072

Низкий

5.9 Medium

CVSS3