Vulnerabilities > CVE-2017-2622 - Files or Directories Accessible to External Parties vulnerability in Redhat Openstack 10

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

redhat

CWE-552

NVD

Published: 2018-07-27

Updated: 2023-02-12

Summary

An accessibility flaw was found in the OpenStack Workflow (mistral) service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Openstack 10	1

Common Weakness Enumeration (CWE)

CWE-552 - Files or Directories Accessible to External Parties

Redhat

advisories

rhsa

id	RHSA-2017:1584

rpms

openstack-mistral-all-0:3.0.2-11.el7ost
openstack-mistral-api-0:3.0.2-11.el7ost
openstack-mistral-common-0:3.0.2-11.el7ost
openstack-mistral-engine-0:3.0.2-11.el7ost
openstack-mistral-executor-0:3.0.2-11.el7ost
python-mistral-tests-0:3.0.2-11.el7ost
python-openstack-mistral-0:3.0.2-11.el7ost

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Redhat

References