CVE-2017-2665
First published: Fri Jul 06 2018(Updated: )
The skyring-setup command creates random password for mongodb skyring database but it writes password in plain text to /etc/skyring/skyring.conf file which is owned by root but read by local user. Any local user who has access to system running skyring service will be able to get password in plain text.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MongoDB MongoDB | ||
| Redhat Storage Console | =2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2017-2665?
CVE-2017-2665 is a vulnerability in the skyring-setup command that creates a random password for the mongodb skyring database but writes the password in plain text to the /etc/skyring/skyring.conf file.
What software is affected by CVE-2017-2665?
The Mongodb Mongodb and Redhat Storage Console versions 2.0 are affected by CVE-2017-2665.
What is the severity of CVE-2017-2665?
CVE-2017-2665 has a severity rating of high with a value of 7.
How can I fix CVE-2017-2665?
To fix CVE-2017-2665, you should update skyring-setup to write the password securely and restrict access to the /etc/skyring/skyring.conf file.
Is there more information about CVE-2017-2665?
Yes, you can find more information about CVE-2017-2665 on the following references: [Security Focus](http://www.securityfocus.com/bid/97612) and [Red Hat Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2665).
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mongodb
- canonical/mongodb mongodb
- vendor/redhat
- canonical/redhat storage console
- version/redhat storage console/2.0