← Back

CVE-2017-12155

nvd nist
Published: Dec 12, 2017Modified: May 13, 2026

JSON object

Loading...
6.3
Vector
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Exploitability: 1.0 / Impact: 5.2
Source: NVD

Description

A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume.

Affected (1)

Products: Ceph: Ceph
Ceph
1 product
Ceph
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Ceph
All versions

Related CWEs

CWE-306
Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (10)

Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Issue TrackingPatch
Source: secalert@redhat.com
Issue TrackingMitigation
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingMitigation

Timeline

No history available yet.