GHSA-q9vw-wr57-xjv3

Source

https://github.com/advisories/GHSA-q9vw-wr57-xjv3

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-q9vw-wr57-xjv3/GHSA-q9vw-wr57-xjv3.json

Aliases

CVE-2017-15104

Published

2022-02-15T01:57:18Z

Modified

2023-11-08T03:58:56.467483Z

Details

An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file.

References

https://nvd.nist.gov/vuln/detail/CVE-2017-15104
https://github.com/heketi/heketi/commit/787bae461b23003a4daa4d1d639016a754cf6b00
https://access.redhat.com/errata/RHSA-2017:3481
https://access.redhat.com/security/cve/CVE-2017-15104
https://bugzilla.redhat.com/show_bug.cgi?id=1510149
https://github.com/heketi/heketi/releases/tag/v5.0.1

Affected packages

Go / github.com/heketi/heketi

Package

Name: github.com/heketi/heketi

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Fixed

5.0.1