The _UpgradeBeforeConfigurationChange function in lib/client/gnt_cluster.py in Ganeti 2.10.0 before 2.10.7 and 2.11.0 before 2.11.5 uses world-readable permissions for the configuration backup file, which allows local users to obtain SSL keys, remote API credentials, and other sensitive information by reading the file, related to the upgrade command.
References
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 02:20
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2014-08-29 16:55
Updated : 2024-02-28 12:20
NVD link : CVE-2014-5247
Mitre link : CVE-2014-5247
CVE.ORG link : CVE-2014-5247
JSON object : View
Products Affected
spi-inc
- ganeti
CWE
CWE-264
Permissions, Privileges, and Access Controls