An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2017:3481 | Third Party Advisory |
https://access.redhat.com/security/cve/CVE-2017-15104 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=1510149 | Issue Tracking Third Party Advisory |
https://github.com/heketi/heketi/releases/tag/v5.0.1 | Release Notes |
https://access.redhat.com/errata/RHSA-2017:3481 | Third Party Advisory |
https://access.redhat.com/security/cve/CVE-2017-15104 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=1510149 | Issue Tracking Third Party Advisory |
https://github.com/heketi/heketi/releases/tag/v5.0.1 | Release Notes |
Configurations
History
21 Nov 2024, 03:14
Type | Values Removed | Values Added |
---|---|---|
References | () https://access.redhat.com/errata/RHSA-2017:3481 - Third Party Advisory | |
References | () https://access.redhat.com/security/cve/CVE-2017-15104 - Third Party Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=1510149 - Issue Tracking, Third Party Advisory | |
References | () https://github.com/heketi/heketi/releases/tag/v5.0.1 - Release Notes |
Information
Published : 2017-12-18 19:29
Updated : 2024-11-21 03:14
NVD link : CVE-2017-15104
Mitre link : CVE-2017-15104
CVE.ORG link : CVE-2017-15104
JSON object : View
Products Affected
heketi_project
- heketi
redhat
- enterprise_linux