CVE-2017-2627

8.2HIGH

Key Information:

Vendor: Red Hat
Status: Openstack-tripleo-common
Vendor: CVE Published:; 22 August 2018

Summary

A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11. The sudoers file as installed with OSP's openstack-tripleo-common package is much too permissive. It contains several lines for the mistral user that have wildcards that allow directory traversal with '..' and it grants full passwordless root access to the validations user.

Affected Version(s)

openstack-tripleo-common As shipped with Red Hat Openstack Enterprise 10 and 11

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2627

x_refsource_CONFIRM

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Aug 22, 2018
Vulnerability Reserved
Dec 1, 2016