Lucene search

CVE-2017-2623

🗓️ 27 Jul 2018 18:00:29Reported by redhatType

rpm-ostree & rpm-ostree-client fail to check GPG signatures, leading to acceptance of unsigned or badly signed packages. Partially mitigated on RHEL Atomic Host.

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 13
RedhatCVE	CVE-2017-2623	3 Mar 201700:18	–	redhatcve
Tenable Nessus	RHEL 7 : rpm-ostree and rpm-ostree-client (RHSA-2017:0444)	6 Mar 201700:00	–	nessus
Tenable Nessus	Fedora 24 : rpm-ostree (2017-788129b61c)	22 Mar 201700:00	–	nessus
Tenable Nessus	Fedora 25 : rpm-ostree (2017-003fa5648c)	21 Mar 201700:00	–	nessus
OpenVAS	Fedora Update for rpm-ostree FEDORA-2017-003fa5648c	21 Mar 201700:00	–	openvas
OpenVAS	Fedora Update for rpm-ostree FEDORA-2017-788129b61c	21 Mar 201700:00	–	openvas
Cvelist	CVE-2017-2623	27 Jul 201818:00	–	cvelist
Fedora	[SECURITY] Fedora 24 Update: rpm-ostree-2017.3-2.fc24	21 Mar 201702:50	–	fedora
Fedora	[SECURITY] Fedora 25 Update: rpm-ostree-2017.3-2.fc25	21 Mar 201703:22	–	fedora
Prion	Default credentials	27 Jul 201818:29	–	prion

Nvd

Vulners

Node

rpm-ostree rpm-ostreeRange<2017.3

rpm-ostree rpm-ostree-clientRange<2017.3

Node

redhat enterprise_linuxMatch7.0

[
  {
    "product": "rpm-ostree,",
    "vendor": "Project Atomic",
    "versions": [
      {
        "status": "affected",
        "version": "2017.3"
      }
    ]
  }
]

Source	Link
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/errata/RHSA-2017:0444
securityfocus	www.securityfocus.com/bid/96558

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

27 Jul 2018 18:29Current

5Medium risk

Vulners AI Score5

CVSS24.3

CVSS35.3

EPSS0.0033

CWE-295