3 matches found
CVE-2017-7481
CVE-2017-7481 affects Ansible before versions 2.3.1.0 and 2.4.0.0, where lookup-plugin results could be marked unsafe, allowing code execution via jinja2 if an attacker controls lookup() results. The description and connected advisories confirm the vulnerability originates from unsafe lookup resu...
CVE-2017-2665
CVE-2017-2665 involves the skyring-setup script writing the MongoDB password to /etc/skyring/skyring.conf in plaintext, where the file is root-owned but readable by local users. This allows any local user with system access to obtain the password, exposing the Skyring database. Affected component...
CVE-2016-7062
CVE-2016-7062 describes an information-disclosure flaw in Red Hat Storage Console 2 (x86_64) affecting rhscon-ceph and rhscon-core communication. An authenticated, local attacker could recover the cleartext password by exploiting how authentication details are passed between these components. The...