Lucene search

RedhatCVELIST:CVE-2017-2665

HistoryJul 06, 2018 - 1:00 p.m.

CVE-2017-2665

2018-07-0613:00:00

CWE-522

redhat

www.cve.org

CVSS3

4.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

AI Score

6.9

Confidence

High

EPSS

Percentile

5.1%

JSON

The skyring-setup command creates random password for mongodb skyring database but it writes password in plain text to /etc/skyring/skyring.conf file which is owned by root but read by local user. Any local user who has access to system running skyring service will be able to get password in plain text.

CNA Affected

[
  {
    "product": "rhscon-core",
    "vendor": "[UNKNOWN]",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

www.securityfocus.com/bid/97612

bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2665