CVE-2017-2665

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-2665
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-2665.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-2665
Published
2018-07-06T13:29:00Z
Modified
2024-09-03T01:52:05.442731Z
Severity
  • 7.0 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

The skyring-setup command creates a random password for the mongodb skyring database, but it writes the password in plain text to the /etc/skyring/skyring.conf file, which is owned by root but readable by local users. Any local user who has access to a system running the skyring service will be able to get the password in plain text.

References

Affected packages

Git / github.com/mongodb/mongo

Affected ranges

Type
GIT
Repo
https://github.com/mongodb/mongo
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

0.*

0.9.1

1.*

1.7-cut

Other

idxv1

r0.*

r0.0.3
r0.0.4_rc1
r0.0.5_rc1
r0.0.6_rc1
r0.0.7_rc1
r0.0.7_rc2
r0.0.7_rc3
r0.0.7_rc4
r0.0.8_rc1
r0.0.9_rc1
r0.1.0_rc1
r0.1.0_rc2
r0.1.1_rc1
r0.1.2_rc1
r0.1.3_rc1
r0.1.4_rc1
r0.1.5_rc1
r0.1.6_rc1
r0.1.7_rc1
r0.2.0
r0.2.1
r0.8.0
r0.9.0
r0.9.1
r0.9.10
r0.9.2
r0.9.3
r0.9.4
r0.9.5
r0.9.6
r0.9.7
r0.9.8
r0.9.9

r1.*

r1.1.0
r1.1.1
r1.1.2
r1.1.3
r1.3.0
r1.3.1
r1.3.2
r1.3.3
r1.3.4
r1.3.5
r1.5.0
r1.5.1
r1.5.2
r1.5.3
r1.5.4
r1.5.5
r1.5.6
r1.5.7
r1.5.8
r1.7.0
r1.7.1
r1.7.2
r1.7.3
r1.7.4
r1.7.5
r1.7.6
r1.8.0-rc0
r1.9.0
r1.9.1
r1.9.2

r2.*

r2.0.0
r2.0.0-rc0
r2.0.0-rc1
r2.0.0-rc2