CVE-2017-12155

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2017-12155

CGA ID

CGA-gp9c-75mp-6x7v

Severity

Unknown

Summary

Openstack tripleo-heat-templates unauthenticated file access

Description

A resource-permission flaw was found in the tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume. This has been patched in versions 7.0.6 and 8.0.0.

References

https://images.chainguard.dev/security/CGA-gp9c-75mp-6x7v
https://github.com/advisories/GHSA-w8gx-hhcx-px6w
https://nvd.nist.gov/vuln/detail/CVE-2017-12155
https://access.redhat.com/errata/RHSA-2018:0602
https://access.redhat.com/errata/RHSA-2018:1593
https://access.redhat.com/errata/RHSA-2018:1627
https://bugs.launchpad.net/tripleo/+bug/1720787
https://bugzilla.redhat.com/show_bug.cgi?id=1489360
https://github.com/openstack/tripleo-heat-templates
https://opendev.org/openstack/tripleo-heat-templates/commit/a18fd59077d97de83496c85c017b9d256a3eddd4
https://opendev.org/openstack/tripleo-heat-templates/commit/ce7b65f443d38a6627631f53cb22336338e97d30

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2017-12155

Severity

Summary

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources