CVE-2017-2621

An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.

References

Affected packages

Git / github.com/openstack/heat

Affected ranges

Type

GIT

Repo

https://github.com/openstack/heat

Events

Introduced

Fixed

2dd83353c086a8ee3ee8aefb99b06832782d8cab

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "8.0.0"
        }
    ]
}

Affected versions

2013.*

2013.1.rc1

2013.2.b1

2013.2.b2

2013.2.b3

2013.2.rc1

2014.*

2014.1.b1

2014.1.b2

2014.1.rc1

2014.2.b1

2014.2.b2

2014.2.b3

2014.2.rc1

2015.*

2015.1.0b1

2015.1.0b2

2015.1.0b3

2015.1.0rc1

5.*

5.0.0.0b1

5.0.0.0b2

5.0.0.0b3

5.0.0.0rc1

5.0.0a0

6.*

6.0.0.0b1

6.0.0.0b2

6.0.0.0b3

6.0.0.0rc1

7.*

7.0.0.0b1

7.0.0.0b2

7.0.0.0b3

7.0.0.0rc1

8.*

8.0.0.0b1

8.0.0.0b2

8.0.0.0b3

8.0.0.0rc1

Other

grizzly-2

v4-branch-eol

v5-branch-eol

v6-branch-eol

v7-branch-eol

v2-M1.*

v2-M1.release

v3.*

v3.release

v4.*

v4.release

v5.*

v5.release

v6.*

v6.release

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-2621.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10"
            }
        ]
    }
]