Vulnerabilities > CVE-2017-2621 - Files or Directories Accessible to External Parties vulnerability in multiple products

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

redhat

openstack

CWE-552

NVD

Published: 2018-07-27

Updated: 2023-02-12

Summary

An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Openstack 10 Redhat Openstack 9	2
Application	Openstack Openstack Heat - Openstack Heat 5.0.0 Openstack Heat 5.0.3 Openstack Heat 6.0.0 Openstack Heat 6.1.0 Openstack Heat 7.0.0	6

Common Weakness Enumeration (CWE)

CWE-552 - Files or Directories Accessible to External Parties

Redhat

advisories

rhsa
id RHSA-2017:1243
rhsa
id RHSA-2017:1464

rpms

openstack-heat-api-1:7.0.2-4.el7ost
openstack-heat-api-cfn-1:7.0.2-4.el7ost
openstack-heat-api-cloudwatch-1:7.0.2-4.el7ost
openstack-heat-common-1:7.0.2-4.el7ost
openstack-heat-engine-1:7.0.2-4.el7ost
python-heat-tests-1:7.0.2-4.el7ost
openstack-heat-api-1:6.1.0-3.el7ost
openstack-heat-api-cfn-1:6.1.0-3.el7ost
openstack-heat-api-cloudwatch-1:6.1.0-3.el7ost
openstack-heat-common-1:6.1.0-3.el7ost
openstack-heat-engine-1:6.1.0-3.el7ost
python-heat-tests-1:6.1.0-3.el7ost

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Redhat

References