CVE-2017-12155
CVE-2017-12155 is a vulnerability of currently unknown severity. A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume. EPSS estimates a 0.29% chance of exploitation in the next 30 days.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ceph | Ceph | All versions |
References
- https://bugs.launchpad.net/tripleo/+bug/1720787 (Issue Tracking, Patch)
- https://bugzilla.redhat.com/show_bug.cgi?id=1489360 (Issue Tracking, Mitigation)
Timeline
- Status: Modified
Source: NVD / NIST
