CVE-2017-2627

Name of the Vulnerable Software and Affected Versions: openstack-tripleo-common versions as shipped with Red Hat Openstack Enterprise 10 and 11

Description: A flaw was found in the sudoers file installed with the openstack-tripleo-common package. The file is too permissive, containing lines for the mistral user with wildcards that allow directory traversal using '..'. It also grants full passwordless root access to the validations user.

Recommendations: For openstack-tripleo-common versions as shipped with Red Hat Openstack Enterprise 10 and 11, consider restricting the permissions in the sudoers file to prevent directory traversal and limit root access to the validations user. As a temporary workaround, restrict access to the validations user and the mistral user until a patch is available.