CVE-2017-2622Files or Directories Accessible to External Parties in Redhat Openstack

CWE-552Files or Directories Accessible to External PartiesCWE-200Sensitive Information Exposure8 documents7 sources
Severity
5.5MEDIUMNVD
CNA5.9
EPSS
0.0%
top 86.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Openstack
Timeline
PublishedJul 27
Latest updateMay 13

Description

An accessibility flaw was found in the OpenStack Workflow (mistral) service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

3
GHSA
GHSA-6vmp-9x58-mv62: An accessibility flaw was found in the OpenStack Workflow (mistral) service where a service log directory was improperly made world readable2022-05-13
OSV
CVE-2017-2622: An accessibility flaw was found in the OpenStack Workflow (mistral) service where a service log directory was improperly made world readable2018-07-27
CVEList
CVE-2017-2622: An accessibility flaw was found in the OpenStack Workflow (mistral) service where a service log directory was improperly made world readable2018-07-27

📋Vendor Advisories

2
Red Hat
openstack-mistral: /var/log/mistral/ is world readable2017-02-15
Debian
CVE-2017-2622: mistral - An accessibility flaw was found in the OpenStack Workflow (mistral) service wher...2017

💬Community

2
Bugzilla
CVE-2017-2622 openstack-mistral: /var/log/mistral/ is world readable [openstack-rdo]2017-02-14
Bugzilla
CVE-2017-2622 openstack-mistral: /var/log/mistral/ is world readable2017-02-10
CVE-2017-2622 — Redhat Openstack vulnerability | cvebase