CVE-2018-17954
Published: Apr 3, 2020
Modified: Sep 16, 2024
CVSS v3.1
9.3
Description
An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue affects: SUSE OpenStack Cloud 7 crowbar-core versions prior to 4.0+git.1578392992.fabfd186c-9.63.1, crowbar-. SUSE OpenStack Cloud 8 ardana-cinder versions prior to 8.0+git.1579279939.ee7da88-3.39.3, ardana-. SUSE OpenStack Cloud 9 ardana-ansible versions prior to 9.0+git.1581611758.f694f7d-3.16.1, ardana-. SUSE OpenStack Cloud Crowbar 8 crowbar-core versions prior to 5.0+git.1582968668.1a55c77c5-3.35.4, crowbar-. SUSE OpenStack Cloud Crowbar 9 crowbar-core versions prior to 6.0+git.1582892022.cbd70e833-3.19.3, crowbar-.
| Vendor | Product | Versions |
|---|---|---|
SUSE | SUSE OpenStack Cloud 7 | affected crowbar-core - < 4.0+git.1578392992.fabfd186c-9.63.1, crowbar- |
SUSE | SUSE OpenStack Cloud 8 | affected ardana-cinder - < 8.0+git.1579279939.ee7da88-3.39.3, ardana- |
SUSE | SUSE OpenStack Cloud 9 | affected ardana-ansible - < 9.0+git.1581611758.f694f7d-3.16.1, ardana- |
SUSE | SUSE OpenStack Cloud Crowbar 8 | affected crowbar-core - < 5.0+git.1582968668.1a55c77c5-3.35.4, crowbar- |
SUSE | SUSE OpenStack Cloud Crowbar 9 | affected crowbar-core - < 6.0+git.1582892022.cbd70e833-3.19.3, crowbar- |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now