CVE-2023-6725

Name of the Vulnerable Software and Affected Versions OpenStack Designate (affected versions not specified)

Description An access-control flaw was found in the OpenStack Designate component where private configuration information, including access keys to BIND, were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information. The flaw is related to insufficient access control when handling the /etc/designate/private and /etc/designate/private/bind1.conf files.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.