CVE-2017-15104

high

Description

An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file.

References

https://github.com/heketi/heketi/releases/tag/v5.0.1

https://bugzilla.redhat.com/show_bug.cgi?id=1510149

https://access.redhat.com/security/cve/CVE-2017-15104

https://access.redhat.com/errata/RHSA-2017:3481

Details

Source: Mitre, NVD

Published: 2017-12-18

Updated: 2023-02-12

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

Detections

Analytics