CVE-2017-15104

Name of the Vulnerable Software and Affected Versions Heketi version 5

Description A security issue was discovered where the heketi.json configuration file is world readable, allowing an attacker with local access to the Heketi server to read plain-text passwords from the file. This issue exposes sensitive information.

Recommendations For Heketi version 5, consider restricting access to the heketi.json configuration file to prevent unauthorized reading of plain-text passwords. As a temporary workaround, restrict the file permissions to limit access until a more permanent solution is available.