CVE-2017-15104

high

Description

An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file.

References

Advisories
More

https://bugzilla.redhat.com/show_bug.cgi?id=1510149

https://access.redhat.com/security/cve/CVE-2017-15104

https://access.redhat.com/errata/RHSA-2017:3481

https://github.com/heketi/heketi/releases/tag/v5.0.1

Details

Source: Mitre, NVD

Published: 2017-12-18

Updated: 2025-04-20

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00084

Detections

Analytics