6.3

CVE-2017-12155

A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CephCeph Version- SwPlatformopenstack
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.29% 0.2
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.3 1 5.2
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov 3.3 3.4 4.9
AV:L/AC:M/Au:N/C:P/I:P/A:N
CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://access.redhat.com/errata/RHSA-2018:0602
https://access.redhat.com/errata/RHSA-2018:1593
https://access.redhat.com/errata/RHSA-2018:1627
https://bugs.launchpad.net/tripleo/+bug/1720787
Patch
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1489360
Issue Tracking
Mitigation