CVE-2017-2627Path Traversal in RED HAT Openstack-tripleo-common

CWE-22Path Traversal6 documents5 sources
Severity
8.2HIGHNVD
EPSS
0.1%
top 77.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
RED HAT Openstack-tripleo-commonRedhat Openstack
Timeline
PublishedAug 22
Latest updateMay 13

Description

A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11. The sudoers file as installed with OSP's openstack-tripleo-common package is much too permissive. It contains several lines for the mistral user that have wildcards that allow directory traversal with '..' and it grants full passwordless root access to the validations user.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 1.5 | Impact: 6.0

Affected Packages2 packages

CVEListV5red_hat/openstack-tripleo-commonAs shipped with Red Hat Openstack Enterprise 10 and 11
NVDredhat/openstack10, 11+1

🔴Vulnerability Details

2
GHSA
GHSA-mqhr-f34x-gw3r: A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 112022-05-13
CVEList
CVE-2017-2627: A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 112018-08-22

📋Vendor Advisories

1
Red Hat
openstack-tripleo-common: sudoers file is too permissive2017-02-14

💬Community

2
Bugzilla
CVE-2017-2627 openstack-tripleo-common: sudoers file is too permissive [openstack-rdo]2017-02-14
Bugzilla
CVE-2017-2627 openstack-tripleo-common: sudoers file is too permissive2017-02-14
CVE-2017-2627 — Path Traversal in RED | cvebase