CVE-2017-2621

5.9MEDIUM

Key Information:

Vendor: Red Hat
Status: Openstack-heat
Vendor: CVE Published:; 27 July 2018

Summary

An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.

Affected Version(s)

openstack-heat openstack-heat-8.0.0

openstack-heat openstack-heat-6.1.0

openstack-heat openstack-heat-7.0.2

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2621

x_refsource_CONFIRM

https://access.redhat.com/errata/RHSA-2017:1243

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2017:1464

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 27, 2018
Vulnerability Reserved
Dec 1, 2016

Collectors

NVD DatabaseMitre Database

.