CVE-2017-15104

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-15104

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15104.json

Aliases

GHSA-q9vw-wr57-xjv3

Published

2017-12-18T19:29:00Z

Modified

2023-11-29T06:07:36.902247Z

Details

An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file.

References

https://access.redhat.com/errata/RHSA-2017:3481
https://bugzilla.redhat.com/show_bug.cgi?id=1510149
https://access.redhat.com/security/cve/CVE-2017-15104
https://github.com/heketi/heketi/releases/tag/v5.0.1

Affected packages

Git / github.com/heketi/heketi

Affected ranges

Type: GIT
Repo: https://github.com/heketi/heketi
Events: Introduced

0The exact introduced commit is unknown

Last affected

e0ec337aa22a2ddbd89a5e2338280f621c371755

Affected versions

1.*

1.0.0

v0.*

v0.1

v0.2

v0.3

v0.4

v0.5

v1.*

v1.1.0-dev

v1.2.0-dev

v1.3.0-dev

v1.4.0-dev

v2.*

v2.0.0rc1

v2.0.1-dev

v2.0.2-dev

v2.0.3-dev

v2.0.4-dev

v2.0.5-dev

v2.0.6

v2.1.0-dev

v3.*

v3.0.0

v4.*

v4.0.0

v5.*

v5.0.0