CVE-2017-2665
Severity
7.0HIGH
EPSS
0.0%
top 87.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 6
Latest updateMay 13
Description
The skyring-setup command creates random password for mongodb skyring database but it writes password in plain text to /etc/skyring/skyring.conf file which is owned by root but read by local user. Any local user who has access to system running skyring service will be able to get password in plain text.
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:LExploitability: 1.3 | Impact: 3.4
Affected Packages2 packages
🔴Vulnerability Details
2GHSA▶
GHSA-532c-wf5h-wp4m: The skyring-setup command creates random password for mongodb skyring database but it writes password in plain text to /etc/skyring/skyring↗2022-05-13
CVEList▶
CVE-2017-2665: The skyring-setup command creates random password for mongodb skyring database but it writes password in plain text to /etc/skyring/skyring↗2018-07-06
📋Vendor Advisories
1Red Hat▶
rhscon-core: creates world readable file /etc/skyring/skyring.conf which leaks mongodb password for skyring database↗2017-04-11
💬Community
1Bugzilla▶
CVE-2017-2665 rhscon-core: creates world readable file /etc/skyring/skyring.conf which leaks mongodb password for skyring database↗2017-03-31