UBUNTU-CVE-2017-12155

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2017-12155

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-12155.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2017-12155

Upstream

CVE-2017-12155

Published

2017-12-12T20:29:00Z

Modified

2025-10-24T04:46:25Z

Severity

6.3 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume.

References

Affected packages

Ubuntu:16.04:LTS / tripleo-heat-templates

Package

Name: tripleo-heat-templates
Purl: pkg:deb/ubuntu/tripleo-heat-templates@0.6.1-1?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.6.1-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "0.6.1-1",
            "binary_name": "python-tripleo-heat-templates"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-12155.json"

Ubuntu:18.04:LTS / tripleo-heat-templates