/
DirectorySecurity Advisories
Sign In
Security Advisories

CVE-2017-12155

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2017-12155

CGA ID

CGA-gp9c-75mp-6x7v

Severity

Unknown

Summary

Openstack tripleo-heat-templates unauthenticated file access

Description

A resource-permission flaw was found in the tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume. This has been patched in versions 7.0.6 and 8.0.0.

References

Affected packages


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Products

Chainguard ContainersChainguard LibrariesChainguard VMs