CVE-2017-15103

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-15103
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15103.json
Aliases
Published
2017-12-18T19:29:00Z
Modified
2024-05-14T05:48:31.832522Z
Summary
[none]
Details

A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation.

References

Affected packages

Git / github.com/heketi/heketi

Affected ranges

Type
GIT
Repo
https://github.com/heketi/heketi
Events
Introduced
0The exact introduced commit is unknown
Last affected
e0ec337aa22a2ddbd89a5e2338280f621c371755

Affected versions

1.*

1.0.0

v0.*

v0.1
v0.2
v0.3
v0.4
v0.5

v1.*

v1.1.0-dev
v1.2.0-dev
v1.3.0-dev
v1.4.0-dev

v2.*

v2.0.0rc1
v2.0.1-dev
v2.0.2-dev
v2.0.3-dev
v2.0.4-dev
v2.0.5-dev
v2.0.6
v2.1.0-dev

v3.*

v3.0.0

v4.*

v4.0.0

v5.*

v5.0.0