CVE-2023-6725

Summary

An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat OpenStack Platform 17.1 for RHEL 80:14.3.1-17.1.20231103003762.el8ost < *unaffected
Red HatRed Hat OpenStack Platform 17.1 for RHEL 80:3.3.1-17.1.20231101233754.el8ost < *unaffected
Red HatRed Hat OpenStack Platform 17.1 for RHEL 90:14.3.1-17.1.20231103010840.el9ost < *unaffected
Red HatRed Hat OpenStack Platform 17.1 for RHEL 90:3.3.1-17.1.20231101230831.el9ost < *unaffected

Weaknesses

  • CWE-1220: Insufficient Granularity of Access Control

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References