GHSA-6g56-v9qg-jp92

Source
https://github.com/advisories/GHSA-6g56-v9qg-jp92
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-6g56-v9qg-jp92/GHSA-6g56-v9qg-jp92.json
Aliases
Published
2024-04-24T21:35:47Z
Modified
2024-04-24T21:57:33.134894Z
Details

A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running the Heketi server and possibly privilege escalation.

References

Affected packages

Go / github.com/heketi/heketi

Affected ranges

Type
SEMVER
Events
Introduced
0 (the exact introduced commit is unknown)
Fixed
5.0.1