PT-2018-7142 · OpenStack · OpenStack Orchestration (Heat) Service
Hans Feldt +1 · Published 2018-07-27 · Updated 2023-02-12 · CVE-2017-2621
CVSS v3.1: 5.9 (Medium)
Vector: AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
OpenStack Orchestration (heat) service versions prior to 8.0.0
OpenStack Orchestration (heat) service version 6.1.0
OpenStack Orchestration (heat) service version 7.0.2
Description:
An access-control flaw was found in the OpenStack Orchestration (heat) service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.
Recommendations:
For versions prior to 8.0.0, update to version 8.0.0 or later to resolve the issue.
For version 6.1.0, update to a version later than 6.1.0 to resolve the issue.
For version 7.0.2, update to a version later than 7.0.2 to resolve the issue.
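Until the update is applied, the exposure described above can be checked directly on a host. The script below is an added example, not part of the advisory or of OpenStack's code; the log directory path is passed as an argument because the advisory does not name it, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a service log directory for access granted to "other"
# users, the condition this advisory describes. The directory to check is an
# assumption supplied by the operator; the advisory does not state the path.

# Succeeds (0) if the directory itself grants list (r) or search (x) to "other".
dir_open_to_others() {
    # -prune keeps find on the directory itself; -perm -NNN means "all of
    # these bits are set". Mode bits are tested, so the result does not
    # depend on which user runs the check.
    [ -n "$(find "$1" -prune -type d \( -perm -004 -o -perm -001 \) 2>/dev/null)" ]
}

# Prints regular files below the directory that carry the other-read bit.
world_readable_files() {
    find "$1" -type f -perm -004 2>/dev/null | sort
}

# Reports findings; returns 1 when the directory is open to other users.
audit_log_dir() {
    dir=$1
    if ! dir_open_to_others "$dir"; then
        echo "OK: $dir grants no access to other users"
        return 0
    fi
    echo "EXPOSED: $dir is listable or searchable by other users"
    files=$(world_readable_files "$dir")
    if [ -n "$files" ]; then
        # These files can be read by any local account while the directory is open.
        echo "$files" | sed 's/^/  world-readable file: /'
    fi
    return 1
}

# Run only when a directory is given on the command line.
if [ $# -gt 0 ]; then
    audit_log_dir "$1"
fi
```

A non-zero exit status makes the script usable in a configuration-compliance job; restricting the directory to the service account and its group (for example mode 750) is the interim mitigation when an update cannot be applied immediately.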
Fix
Insertion into Log File
Files Accessible to External Parties
Affected Products
OpenStack Orchestration (Heat) Service