CVE-2017-12155
First published: Thu Sep 07 2017(Updated: )
A resource-permission flaw was found in the `tripleo-heat-templates` package where `ceph.client.openstack.keyring` is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume. This has been patched in versions [7.0.6](https://github.com/openstack/tripleo-heat-templates/commit/a18fd59077d97de83496c85c017b9d256a3eddd4) and [8.0.0](https://github.com/openstack/tripleo-heat-templates/commit/ce7b65f443d38a6627631f53cb22336338e97d30).
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ceph Ceph | ||
| pip/tripleo-heat-templates | <7.0.6 | 7.0.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://nvd.nist.gov/vuln/detail/CVE-2017-12155
- https://access.redhat.com/errata/RHSA-2018:0602
- https://access.redhat.com/errata/RHSA-2018:1593
- https://access.redhat.com/errata/RHSA-2018:1627
- https://bugs.launchpad.net/tripleo/+bug/1720787
- https://bugzilla.redhat.com/show_bug.cgi?id=1489360
- https://opendev.org/openstack/tripleo-heat-templates/commit/a18fd59077d97de83496c85c017b9d256a3eddd4
- https://opendev.org/openstack/tripleo-heat-templates/commit/ce7b65f443d38a6627631f53cb22336338e97d30
- https://github.com/advisories/GHSA-w8gx-hhcx-px6w (Advisory)
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1462657
- https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/11/html-single/advanced_overcloud_customization/#sect-Customizing_Overcloud_PostConfiguration_All
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1493311
- https://review.openstack.org/519531
- https://review.openstack.org/508975
- https://review.openstack.org/522024
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1489360#c13
- collector/github-advisory-latest
- alias/GHSA-w8gx-hhcx-px6w
- alias/CVE-2017-12155
- collector/github-advisory
- collector/nvd-index
- collector/nvd-cve
- agent/author
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/remedy
- agent/weakness
- agent/severity
- agent/references
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- agent/software-canonical-lookup
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- package-manager/pip
- vendor/ceph
- canonical/ceph ceph
- package-manager/redhat