CVE-2017-1000199

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-1000199
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000199.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-1000199
Downstream
Related
Published
2017-11-17T02:29:00.957Z
Modified
2026-03-10T14:16:23.347558Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so resulting in non-privileged users being able to check for existence of any file with root privileges.

References

Affected packages

Git / github.com/open-iscsi/tcmu-runner

Affected ranges

Type
GIT
Repo
https://github.com/open-iscsi/tcmu-runner
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
592d68205fb01140255d4e8596c0ba8979da3ea9
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
1624c9ad92efbd0840096f428ddfed6aa508f862
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ab770251f78374f9538d6b3c961298d49185ed78
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
351b1ed70fcca1dfb43f0a619b980a12d3961b35
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
be0875db70cd6ff804bfddd26a3428c6b69cffed
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
00e858fc173173b2e4a45d61aca853016f8e6827
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
8ed4677eb930952c018dc9a505f73f1d91ae9a05
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c7683ad32429adf707f4d94c23bd065c51949b50
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
00658265d83d0573168a2f045af154227074870c
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
3d335660333b98cd5bdb8983a619c3b00b814b3e
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.9.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.9.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.9.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.9.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.1.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.1.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.1.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.1.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.2.0"
        }
    ]
}

Affected versions

v0.*
v0.8
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.9.0
v0.9.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000199.json"