CVE-2017-15104

Published: Dec 18, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file.

Vendor	Product	Versions
Heketi	Heketi	affected `5.0`

Weaknesses (CWE)

CWE-552

References

RHSA-2017:3481

vendor-advisory

x_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=1510149

x_refsource_CONFIRM

https://access.redhat.com/security/cve/CVE-2017-15104

x_refsource_CONFIRM

https://github.com/heketi/heketi/releases/tag/v5.0.1

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-15104

Description

Affected Products

Weaknesses (CWE)

References