CVE-2017-2665

Name of the Vulnerable Software and Affected Versions: Skyring (affected versions not specified)

Description: The issue concerns the skyring-setup command, which generates a random password for the MongoDB Skyring database. However, this password is stored in plain text in the /etc/skyring/skyring.conf file. Since the file is readable by local users, any user with access to the system running the Skyring service can obtain the password.

Recommendations: For all affected versions, consider restricting access to the /etc/skyring/skyring.conf file to minimize the risk of password exposure. As a temporary workaround, restrict read access to this file for local users until a more secure method of password storage is implemented. At the moment, there is no information about a newer version that contains a fix for this vulnerability.