CVE-2017-15104

Impact:
Low
Public Date:
2017-12-18
CWE:
CWE-552
Bugzilla:
1510149: CVE-2017-15104 heketi: Information disclosure through world readable file
An access flaw was found in heketi, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file.

Find out more about CVE-2017-15104 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score 5.5
CVSS3 Base Metrics CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity Impact None
Availability Impact None

Red Hat Security Errata

Platform Errata Release Date
Red Hat Gluster Storage Server 3.3 on RHEL-7 (heketi) RHSA-2017:3481 2017-12-18

Acknowledgements

This issue was discovered by Siddharth Sharma (Red Hat).
Last Modified