CVE-2014-5247

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2014-5247

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2014-5247.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2014-5247

Related

UBUNTU-CVE-2014-5247

Published

2014-08-29T16:55:12Z

Modified

2025-03-14T05:00:55Z

Summary

[none]

Details

The UpgradeBeforeConfigurationChange function in lib/client/gntcluster.py in Ganeti 2.10.0 before 2.10.7 and 2.11.0 before 2.11.5 uses world-readable permissions for the configuration backup file, which allows local users to obtain SSL keys, remote API credentials, and other sensitive information by reading the file, related to the upgrade command.

References

Affected packages

Debian:11 / ganeti

Package

Name: ganeti
Purl: pkg:deb/debian/ganeti?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.11.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / ganeti

Package

Name: ganeti
Purl: pkg:deb/debian/ganeti?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.11.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / ganeti

Package

Name: ganeti
Purl: pkg:deb/debian/ganeti?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.11.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}