Home > Vulnerability Database > CVE-2017-12155

Mend.io Vulnerability Database

CVE-2017-12155

Good to know:

Date: September 19, 2017

A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume.

Language: PUPPET

Severity Score

6.3

Related Resources (7)

Url: https://bugs.launchpad.net/tripleo/+bug/1720787

Url: https://access.redhat.com/errata/RHSA-2018:1627

Url: https://access.redhat.com/errata/RHSA-2018:0602

Url: https://nvd.nist.gov/vuln/detail/CVE-2017-12155

Url: https://access.redhat.com/errata/RHSA-2018:1593

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1489360

Url: https://www.mend.io/vulnerability-database/CVE-2017-12155

Severity Score

6.3

Weakness Type (CWE)

Missing Authentication for Critical Function

CWE-306

Permissions, Privileges, and Access Control

CWE-264

Top Fix

Upgrade Version

Upgrade to version 48c417519f88472d035c3ad6a92edcc2e6039d9b

Learn More

CVSS v3.1

Base Score:	6.3
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

CVSS v2

Base Score:	3.3
Access Vector (AV):	LOCAL
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2017-12155

Good to know:

Date: September 19, 2017

Language: PUPPET

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?