PT-2018-7142 · Openstack · Openstack Orchestration (Heat) Service

Hans Feldt +1 · Published 2018-07-27 · Updated 2023-02-12 · CVE-2017-2621

CVSS v3.1: 5.9 (Medium)

Vector: AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: OpenStack Orchestration (heat) service versions prior to 8.0.0; OpenStack Orchestration (heat) service version 6.1.0; OpenStack Orchestration (heat) service version 7.0.2
Description: An access-control flaw was found in the OpenStack Orchestration (heat) service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.
Recommendations: For versions prior to 8.0.0, update to version 8.0.0 or later to resolve the issue. For version 6.1.0, update to a version later than 6.1.0 to resolve the issue. For version 7.0.2, update to a version later than 7.0.2 to resolve the issue.

Fix

Insertion into Log File

Files Accessible to External Parties


Weakness Enumeration

Related identifiers

CVE-2017-2621
RHSA-2017:1243
RHSA-2017:1464

Affected products

Openstack Orchestration (Heat) Service