Lucene search

K

MitreCVELIST:CVE-2014-5247

HistoryAug 29, 2014 - 5:00 p.m.

CVE-2014-5247

2014-08-2917:00:00

mitre

www.cve.org

6 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

16.2%

The _UpgradeBeforeConfigurationChange function in lib/client/gnt_cluster.py in Ganeti 2.10.0 before 2.10.7 and 2.11.0 before 2.11.5 uses world-readable permissions for the configuration backup file, which allows local users to obtain SSL keys, remote API credentials, and other sensitive information by reading the file, related to the upgrade command.

References

git.ganeti.org/?p=ganeti.git%3Ba=commit%3Bh=a89f62e2db9ccf715d64d1a6322474b54d2d9ae0

packetstormsecurity.com/files/127851/Ganeti-Insecure-Archive-Permission.html

seclists.org/oss-sec/2014/q3/370

www.ocert.org/advisories/ocert-2014-006.html

www.securityfocus.com/archive/1/533119/100/0/threaded

www.securityfocus.com/bid/69186

exchange.xforce.ibmcloud.com/vulnerabilities/95256

6 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

16.2%

Related for CVELIST:CVE-2014-5247

debiancve1 ubuntucve1 cve1 prion1 nvd1