Vulnerabilities > CVE-2017-2621

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
local
low complexity
redhat
openstack

Summary

An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.

Redhat

advisories
  • rhsa
    idRHSA-2017:1243
  • rhsa
    idRHSA-2017:1464
rpms
  • openstack-heat-api-1:7.0.2-4.el7ost
  • openstack-heat-api-cfn-1:7.0.2-4.el7ost
  • openstack-heat-api-cloudwatch-1:7.0.2-4.el7ost
  • openstack-heat-common-1:7.0.2-4.el7ost
  • openstack-heat-engine-1:7.0.2-4.el7ost
  • python-heat-tests-1:7.0.2-4.el7ost
  • openstack-heat-api-1:6.1.0-3.el7ost
  • openstack-heat-api-cfn-1:6.1.0-3.el7ost
  • openstack-heat-api-cloudwatch-1:6.1.0-3.el7ost
  • openstack-heat-common-1:6.1.0-3.el7ost
  • openstack-heat-engine-1:6.1.0-3.el7ost
  • python-heat-tests-1:6.1.0-3.el7ost