2 matches found
CVE-2018-16849
CVE-2018-16849 affects OpenStack Mistral. The flaw arises in the std.ssh action where manipulating the SSH private_key_filename (which can be an absolute path) enables an attacker to determine whether arbitrary files exist on the executor filesystem, i.e., a local information-disclosure/file-exis...
CVE-2018-16849
A flaw was found in openstack-mistral. By manipulating the SSH private key filename, the std.ssh action can be used to disclose the presence of arbitrary files within the filesystem of the executor running the action. Since std.ssh privatekeyfilename can take an absolute path, it can be used to...