Back to search
CVE-2017-15103
Published: Dec 18, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation.
| Vendor | Product | Versions |
|---|---|---|
Heketi | Heketi | affected 5.0 |
Weaknesses (CWE)
References
https://bugzilla.redhat.com/show_bug.cgi?id=1510147
x_refsource_CONFIRM
RHSA-2017:3481
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2017-15103
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now