PT-2018-13771 · Openstack+1 · Openstack-Mistral+1

Published: 2018-11-02 · Updated: 2025-04-28 · CVE-2018-16849

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: openstack-mistral (affected versions not specified)

Description: A flaw in openstack-mistral allows disclosure of the presence of arbitrary files on the filesystem of the executor running the action. The std.ssh action accepts an absolute path as the SSH private key filename, and manipulating that filename reveals whether a file exists on the executor's filesystem.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2018-16849
GHSA-FQW7-C6VR-Q29M
PYSEC-2018-92
USN-7465-1

Affected Products

Ubuntu
Openstack-Mistral