CVE-2017-15104 — Files or Directories Accessible to External Parties in Heketi Heketi

CWE-552 — Files or Directories Accessible to External Parties CWE-200 — Sensitive Information Exposure9 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 80.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Heketi Heketi Heketi Heketi Project Heketi +1 more

Timeline

PublishedDec 18

Latest updateAug 21

Description

An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶Gogithub.com/heketi_heketi< 5.0.1+incompatible+1

▶CVEListV5heketi/heketi5.0

▶NVDheketi_project/heketi5.0.0

Also affects: Enterprise Linux 7.0

🔴Vulnerability Details

OSV

Information Exposure in Heketi in github.com/heketi/heketi↗2024-08-21

▶

OSV

Information Exposure in Heketi↗2022-02-15

▶

GHSA

Information Exposure in Heketi↗2022-02-15

▶

CVEList

CVE-2017-15104: An access flaw was found in Heketi 5, where the heketi↗2017-12-18

▶

📋Vendor Advisories

Red Hat

heketi: Information disclosure through world readable file↗2017-12-18

▶

💬Community

Bugzilla

CVE-2017-15104 heketi: Information disclosure through world readable file [fedora-all]↗2017-12-18

▶

Bugzilla

CVE-2017-15104 heketi: Information disclosure through world readable file [epel-all]↗2017-12-18

▶

Bugzilla

CVE-2017-15104 heketi: Information disclosure through world readable file↗2017-11-06

▶