Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS13OGd4LWhoY3gtcHg2d84AAR_8
Openstack tripleo-heat-templates unauthenticated file access
A resource-permission flaw was found in the tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume. This has been patched in versions 7.0.6 and 8.0.0.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13OGd4LWhoY3gtcHg2d84AAR_8
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: about 1 year ago
CVSS Score: 6.3
CVSS vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS Percentage: 0.00042
EPSS Percentile: 0.05089
Identifiers: GHSA-w8gx-hhcx-px6w, CVE-2017-12155
References:
- https://nvd.nist.gov/vuln/detail/CVE-2017-12155
- https://access.redhat.com/errata/RHSA-2018:0602
- https://access.redhat.com/errata/RHSA-2018:1593
- https://access.redhat.com/errata/RHSA-2018:1627
- https://bugs.launchpad.net/tripleo/+bug/1720787
- https://bugzilla.redhat.com/show_bug.cgi?id=1489360
- https://opendev.org/openstack/tripleo-heat-templates/commit/a18fd59077d97de83496c85c017b9d256a3eddd4
- https://opendev.org/openstack/tripleo-heat-templates/commit/ce7b65f443d38a6627631f53cb22336338e97d30
- https://github.com/advisories/GHSA-w8gx-hhcx-px6w
Affected Packages
pypi:tripleo-heat-templates
Dependent packages: 0
Dependent repositories: 2
Downloads: 1,502 last month
Affected Version Ranges: < 7.0.6
Fixed in: 7.0.6
All affected versions: 0.5.6, 0.6.0, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.7.4, 0.7.5, 0.7.6, 0.7.7, 0.7.8, 0.7.9, 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.8.4, 0.8.5, 0.8.6, 0.8.7, 0.8.8, 0.8.9, 0.8.10, 0.8.11, 0.8.12, 0.8.13, 0.8.14, 2.0.0, 2.1.0, 2.2.0, 5.0.0, 5.1.0, 5.2.0, 5.3.0, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5, 5.3.6, 5.3.7, 5.3.8, 5.3.9, 5.3.10, 5.3.11, 5.3.12, 5.3.13, 6.0.0, 6.1.0, 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.2.10, 6.2.11, 6.2.12, 6.2.13, 6.2.14, 6.2.15, 6.2.16, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5
All unaffected versions: 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.12, 7.0.13, 7.0.14, 7.0.15, 7.0.16, 7.0.17, 7.0.18, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.1.0, 8.2.0, 8.3.0, 8.3.1, 8.4.0, 8.4.1, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.4.1, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.6.2, 11.0.0, 11.1.0, 11.2.0, 11.3.0, 11.3.1, 11.4.0, 11.5.0, 11.6.0, 12.0.0, 12.1.0, 12.2.0, 12.3.0, 12.4.0, 12.4.1, 12.4.2, 12.4.3, 12.4.4, 12.4.5, 12.4.6, 12.5.0, 12.6.0, 12.7.0, 13.0.0, 13.1.0, 13.2.0, 13.3.0, 13.4.0, 13.5.0, 13.6.0, 14.0.0, 14.1.0, 14.1.1, 14.1.2, 14.2.0, 14.3.0, 15.0.0, 15.1.0, 16.0.0, 17.0.0, 18.0.0