CVE-2017-12155 Information

Description

A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume.

CVSS Vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Reference

https://access.redhat.com/errata/RHSA-2018:0602
https://access.redhat.com/errata/RHSA-2018:1593
https://access.redhat.com/errata/RHSA-2018:1627
https://bugs.launchpad.net/tripleo/+bug/1720787
https://bugzilla.redhat.com/show_bug.cgi?id=1489360

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

6.3

Base Severity

MEDIUM
