CVE-2017-12155 Vulnerability Details

CVE-2017-12155 Metadata Quick Info

CVE Published: 12/12/2017 | CVE Updated: 16/09/2024 | CVE Year: 2017
Source: redhat | Vendor: OpenStack | Product: openstack-tripleo-heat-templates
Status: PUBLISHED

CVE-2017-12155 Description

A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Incorrect Permission Assignment for Critical Resource
Source: OpenStack

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).