CVE-2017-2621

Summary

An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.

Affected Software

VendorProductVersion RangeStatus
Red Hatopenstack-heatopenstack-heat-8.0.0affected
Red Hatopenstack-heatopenstack-heat-6.1.0affected
Red Hatopenstack-heatopenstack-heat-7.0.2affected

Weaknesses

  • CWE-552: CWE-552

ADP Enrichment

CVE Program Container

Additional References

References