Vulnerabilities > CVE-2017-2621
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 | |
Application | 6 |
Redhat
advisories |
| ||||||||
rpms |
|
References
- http://www.securityfocus.com/bid/96280
- http://www.securityfocus.com/bid/96280
- https://access.redhat.com/errata/RHSA-2017:1243
- https://access.redhat.com/errata/RHSA-2017:1243
- https://access.redhat.com/errata/RHSA-2017:1464
- https://access.redhat.com/errata/RHSA-2017:1464
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2621
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2621