Lucene search

RedhatCVELIST:CVE-2017-2627

HistoryAug 22, 2018 - 5:00 p.m.

CVE-2017-2627

2018-08-2217:00:00

CWE-22

redhat

www.cve.org

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

Percentile

9.9%

JSON

A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11. The sudoers file as installed with OSP’s openstack-tripleo-common package is much too permissive. It contains several lines for the mistral user that have wildcards that allow directory traversal with ‘…’ and it grants full passwordless root access to the validations user.

CNA Affected

[
  {
    "product": "openstack-tripleo-common",
    "vendor": "Red Hat",
    "versions": [
      {
        "status": "affected",
        "version": "As shipped with Red Hat Openstack Enterprise 10 and 11"
      }
    ]
  }
]

References

bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2627

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

Percentile

9.9%

JSON

Related for CVELIST:CVE-2017-2627