CGA-gp9c-75mp-6x7v

Published

Last updated

https://images.chainguard.dev/security/CGA-gp9c-75mp-6x7v

Package

ceph

RepositoryWolfi

Latest Update

Under investigation

Aliases

CVE-2017-12155
GHSA-w8gx-hhcx-px6w

Severity

Unknown

Summary

Openstack tripleo-heat-templates unauthenticated file access

Description

A resource-permission flaw was found in the tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume. This has been patched in versions 7.0.6 and 8.0.0.

References

https://nvd.nist.gov/vuln/detail/CVE-2017-12155
https://github.com/advisories/GHSA-w8gx-hhcx-px6w
https://access.redhat.com/errata/RHSA-2018:0602
https://access.redhat.com/errata/RHSA-2018:1593
https://access.redhat.com/errata/RHSA-2018:1627
https://bugs.launchpad.net/tripleo/+bug/1720787
https://bugzilla.redhat.com/show_bug.cgi?id=1489360
https://github.com/openstack/tripleo-heat-templates
https://opendev.org/openstack/tripleo-heat-templates/commit/a18fd59077d97de83496c85c017b9d256a3eddd4
https://opendev.org/openstack/tripleo-heat-templates/commit/ce7b65f443d38a6627631f53cb22336338e97d30

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-gp9c-75mp-6x7v

Severity

Summary

Description

References

Updates

Products

Why Chainguard

Customers

Company

Resources