Openstack · Openstack Designate · CVE-2023-6725
**Name of the Vulnerable Software and Affected Versions**
OpenStack Designate (affected versions not specified)
**Description**
An access-control flaw was found in the OpenStack Designate component where private configuration information, including access keys to BIND, were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information. The flaw is related to insufficient access control when handling the /etc/designate/private and /etc/designate/private/bind1.conf files.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.