CVE-2023-6725
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Red Hat OpenStack Platform 17.1 for RHEL 8 | 0:14.3.1-17.1.20231103003762.el8ost < * | unaffected |
| Red Hat | Red Hat OpenStack Platform 17.1 for RHEL 8 | 0:3.3.1-17.1.20231101233754.el8ost < * | unaffected |
| Red Hat | Red Hat OpenStack Platform 17.1 for RHEL 9 | 0:14.3.1-17.1.20231103010840.el9ost < * | unaffected |
| Red Hat | Red Hat OpenStack Platform 17.1 for RHEL 9 | 0:3.3.1-17.1.20231101230831.el9ost < * | unaffected |
Weaknesses
- CWE-1220: Insufficient Granularity of Access Control
ADP Enrichment
CVE Program Container
Additional References
- https://access.redhat.com/errata/RHSA-2024:2736
- https://access.redhat.com/errata/RHSA-2024:2770
- https://access.redhat.com/security/cve/CVE-2023-6725
- https://bugzilla.redhat.com/show_bug.cgi?id=2249273
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://access.redhat.com/errata/RHSA-2024:2736
- https://access.redhat.com/errata/RHSA-2024:2770
- https://access.redhat.com/security/cve/CVE-2023-6725
- https://bugzilla.redhat.com/show_bug.cgi?id=2249273
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.