Accessibility Flaw in OpenStack Workflow Service by Red Hat
CVE-2017-2622

5.9MEDIUM

Key Information:

Vendor: [unknown]
Status: Openstack-mistral
Vendor: CVE Published:; 27 July 2018

What is CVE-2017-2622?

An accessibility flaw was identified in the OpenStack Workflow (Mistral) service, resulting in a service log directory being incorrectly set to world-readable permissions. This oversight enables unauthorized system users to potentially access sensitive information, compromising the integrity and confidentiality of data stored within the workflow service.

Affected Version(s)

openstack-mistral

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2622

x_refsource_CONFIRM

https://access.redhat.com/errata/RHSA-2017:1584

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 27, 2018
Vulnerability Reserved
Dec 1, 2016

CVE-2017-2622 Data

JSON

[unknown]

What is CVE-2017-2622?

Affected Version(s)

References

CVSS V3.1

Timeline