Lucene search
K

6 matches found

RedHat Linux
RedHat Linux
added 2018/05/18 5:3 p.m.3 views

openstack-tripleo-heat-templates: Ceph client keyring is world-readable when deployed by director

A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack...

6.3CVSS7.1AI score0.00285EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/05/17 3:40 p.m.4 views

openstack-tripleo-heat-templates: Ceph client keyring is world-readable when deployed by director

A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack...

6.3CVSS7.1AI score0.00285EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/03/28 5:11 p.m.5 views

openstack-tripleo-heat-templates: Ceph client keyring is world-readable when deployed by director

A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack...

6.3CVSS7.1AI score0.00285EPSS
Exploits0References4
CNVD
CNVD
added 2017/12/14 12:0 a.m.4 views

openstack-tripleo-heat-templates package information disclosure vulnerability

The openstack-triple-heat-templates package is a set of generic template packages that support installation, upgrades, and other operations on the Openstack platform using the Openstack Cloud Facility. A security vulnerability exists in the openstack-tripleo-heat-templates package that stems from...

6.3CVSS6.5AI score0.00285EPSS
Exploits0References1
OSV
OSV
added 2017/12/12 8:29 p.m.1 views

UBUNTU-CVE-2017-12155

A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack...

6.3CVSS6.7AI score0.00285EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2015/08/17 7:29 a.m.4 views

ceph-deploy admin command copies keyring file to /etc/ceph which is world readable

It was discovered that ceph-deploy, a utility for deploying Red Hat Ceph Storage, would create the keyring file with world readable permissions, which could possibly allow a local user to obtain authentication credentials from the keyring file...

2.1CVSS5.8AI score0.00383EPSS
Exploits0References4
Rows per page
Query Builder