CVE-2017-2622

An accessibility flaw was found in the OpenStack Workflow (mistral) service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.

CVSS v3 5.9 MEDIUM
CVSS v2.0 2.1 LOW

5.9^/10

CVSS v3 : MEDIUM

Vector : AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

Exploitability : 1.5 / Impact : 4.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://access.redhat.com/errata/RHSA-2017:1584	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2622	Issue Tracking Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:1584	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2622	Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*

History

21 Nov 2024, 03:23

Type	Values Removed	Values Added
CVSS	v2 : ~~2.1~~ v3 : ~~5.5~~	v2 : 2.1 v3 : 5.9
References	~~() https://access.redhat.com/errata/RHSA-2017:1584 - Vendor Advisory~~	() https://access.redhat.com/errata/RHSA-2017:1584 - Vendor Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2622 - Issue Tracking, Vendor Advisory~~	() https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2622 - Issue Tracking, Vendor Advisory

Information

Published : 2018-07-27 13:29

Updated : 2024-11-21 03:23

NVD link : CVE-2017-2622

Mitre link : CVE-2017-2622

CVE.ORG link : CVE-2017-2622

JSON object : View

Products Affected

redhat

openstack

CWE

CWE-552

Files or Directories Accessible to External Parties

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2017-2622", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 5.9, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 1.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2018-07-27T13:29:00.240", "references": [{"url": "https://access.redhat.com/errata/RHSA-2017:1584", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2622", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2017:1584", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2622", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-552"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "An accessibility flaw was found in the OpenStack Workflow (mistral) service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information."}, {"lang": "es", "value": "Se ha encontrado un fallo de accesibilidad en el servicio de OpenStack Workflow (mistral) en el que un directorio de registro de servicio se hac\u00eda legible para todos los usuarios de manera incorrecta. Un usuario malicioso del sistema podr\u00eda explotar esta vulnerabilidad para acceder a informaci\u00f3n confidencial."}], "lastModified": "2024-11-21T03:23:51.160", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}