Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS13OGd4LWhoY3gtcHg2d84AAR_8

Openstack tripleo-heat-templates unauthenticated file access

A resource-permission flaw was found in the tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume. This has been patched in versions 7.0.6 and 8.0.0.

Permalink: https://github.com/advisories/GHSA-w8gx-hhcx-px6w
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13OGd4LWhoY3gtcHg2d84AAR_8
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: about 1 year ago


CVSS Score: 6.3
CVSS vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS Percentage: 0.00042
EPSS Percentile: 0.05089

Identifiers: GHSA-w8gx-hhcx-px6w, CVE-2017-12155
References: Blast Radius: 1.9

Affected Packages

pypi:tripleo-heat-templates
Dependent packages: 0
Dependent repositories: 2
Downloads: 1,502 last month
Affected Version Ranges: < 7.0.6
Fixed in: 7.0.6
All affected versions: 0.5.6, 0.6.0, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.7.4, 0.7.5, 0.7.6, 0.7.7, 0.7.8, 0.7.9, 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.8.4, 0.8.5, 0.8.6, 0.8.7, 0.8.8, 0.8.9, 0.8.10, 0.8.11, 0.8.12, 0.8.13, 0.8.14, 2.0.0, 2.1.0, 2.2.0, 5.0.0, 5.1.0, 5.2.0, 5.3.0, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5, 5.3.6, 5.3.7, 5.3.8, 5.3.9, 5.3.10, 5.3.11, 5.3.12, 5.3.13, 6.0.0, 6.1.0, 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.2.10, 6.2.11, 6.2.12, 6.2.13, 6.2.14, 6.2.15, 6.2.16, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5
All unaffected versions: 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.12, 7.0.13, 7.0.14, 7.0.15, 7.0.16, 7.0.17, 7.0.18, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.1.0, 8.2.0, 8.3.0, 8.3.1, 8.4.0, 8.4.1, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.4.1, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.6.2, 11.0.0, 11.1.0, 11.2.0, 11.3.0, 11.3.1, 11.4.0, 11.5.0, 11.6.0, 12.0.0, 12.1.0, 12.2.0, 12.3.0, 12.4.0, 12.4.1, 12.4.2, 12.4.3, 12.4.4, 12.4.5, 12.4.6, 12.5.0, 12.6.0, 12.7.0, 13.0.0, 13.1.0, 13.2.0, 13.3.0, 13.4.0, 13.5.0, 13.6.0, 14.0.0, 14.1.0, 14.1.1, 14.1.2, 14.2.0, 14.3.0, 15.0.0, 15.1.0, 16.0.0, 17.0.0, 18.0.0