{"containers": {"cna": {"affected": [{"product": "openstack-tripleo-heat-templates", "vendor": "OpenStack", "versions": [{"status": "affected", "version": "Newton, Ocata, Pike and possibly older"}]}], "datePublic": "2017-09-20T00:00:00", "descriptions": [{"lang": "en", "value": "A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume."}], "problemTypes": [{"descriptions": [{"description": "Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-05-19T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2018:1593", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:1593"}, {"name": "RHSA-2018:1627", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:1627"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489360"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/tripleo/+bug/1720787"}, {"name": "RHSA-2018:0602", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0602"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "DATE_PUBLIC": "2017-09-20T00:00:00", "ID": "CVE-2017-12155", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "openstack-tripleo-heat-templates", "version": {"version_data": [{"version_value": "Newton, Ocata, Pike and possibly older"}]}}]}, "vendor_name": "OpenStack"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Incorrect Permission Assignment for Critical Resource"}]}]}, "references": {"reference_data": [{"name": "RHSA-2018:1593", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1593"}, {"name": "RHSA-2018:1627", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1627"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1489360", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489360"}, {"name": "https://bugs.launchpad.net/tripleo/+bug/1720787", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/tripleo/+bug/1720787"}, {"name": "RHSA-2018:0602", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0602"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T18:28:16.604Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2018:1593", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:1593"}, {"name": "RHSA-2018:1627", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:1627"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489360"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.launchpad.net/tripleo/+bug/1720787"}, {"name": "RHSA-2018:0602", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:0602"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-12155", "datePublished": "2017-12-12T20:00:00Z", "dateReserved": "2017-08-01T00:00:00", "dateUpdated": "2024-09-16T17:22:48.181Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ceph:ceph:-:*:*:*:*:openstack:*:*", "matchCriteriaId": "5CF5A09E-C354-401D-8415-B6BA994C857E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume."}, {"lang": "es", "value": "Se detect\u00f3 una vulnerabilidad de permisos de recursos en el paquete openstack-tripleo-heat-templates donde se crea ceph.client.openstack.keyring con el permiso world-readable. Un atacante local con acceso a la clave podr\u00eda leer o modificar datos en los pools de memoria del cl\u00faster de Cepth para OpenStack como si el atacante fuera el servicio OpenStack, pudiendo leer o modificar datos en un volumen de OpenStack Block Storage."}], "id": "CVE-2017-12155", "lastModified": "2024-11-21T03:08:56.793", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 1.0, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-12-12T20:29:00.227", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2018:0602"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2018:1593"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2018:1627"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch"], "url": "https://bugs.launchpad.net/tripleo/+bug/1720787"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Mitigation"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489360"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2018:0602"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2018:1593"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2018:1627"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch"], "url": "https://bugs.launchpad.net/tripleo/+bug/1720787"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mitigation"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489360"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Katuya Kawakami (NEC) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2018:1593", "cpe": "cpe:/a:redhat:openstack:10::el7", "package": "openstack-tripleo-heat-templates-0:5.3.10-1.el7ost", "product_name": "Red Hat OpenStack Platform 10.0 (Newton)", "release_date": "2018-05-17T00:00:00Z"}, {"advisory": "RHSA-2018:1593", "cpe": "cpe:/a:redhat:openstack:10::el7", "package": "puppet-tripleo-0:5.6.8-6.el7ost", "product_name": "Red Hat OpenStack Platform 10.0 (Newton)", "release_date": "2018-05-17T00:00:00Z"}, {"advisory": "RHSA-2018:1627", "cpe": "cpe:/a:redhat:openstack:11::el7", "package": "openstack-tripleo-heat-templates-0:6.2.12-2.el7ost", "product_name": "Red Hat OpenStack Platform 11.0 (Ocata)", "release_date": "2018-05-18T00:00:00Z"}, {"advisory": "RHSA-2018:1627", "cpe": "cpe:/a:redhat:openstack:11::el7", "package": "puppet-tripleo-0:6.5.10-3.el7ost", "product_name": "Red Hat OpenStack Platform 11.0 (Ocata)", "release_date": "2018-05-18T00:00:00Z"}, {"advisory": "RHSA-2018:0602", "cpe": "cpe:/a:redhat:openstack:12::el7", "package": "openstack-tripleo-heat-templates-0:7.0.9-8.el7ost", "product_name": "Red Hat OpenStack Platform 12.0 (Pike)", "release_date": "2018-03-28T00:00:00Z"}], "bugzilla": {"description": "openstack-tripleo-heat-templates: Ceph client keyring is world-readable when deployed by director", "id": "1489360", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489360"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.4", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "status": "verified"}, "cwe": "CWE-732", "details": ["A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume.", "A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume. \nTo exploit this flaw, the attacker must have local access to an overcloud node. However by default, access to overcloud nodes is restricted and accessible only from the management undercloud server on an internal network. Follow good security principles in your networking environment to ensure that network access is properly controlled."], "mitigation": {"lang": "en:us", "value": "To mitigate the flaw, use an overcloud post-deploy script[1] to do the following on all overcloud nodes:\nkey=/etc/ceph/ceph.client.openstack.keyring\nchown root:root $key\nchmod 600 $key\nsetfacl -m u:glance:r $key \nsetfacl -m u:cinder:r $key\nsetfacl -m u:nova:r $key\nsetfacl -m u: gnocchi:r $key\nIf not using Red Hat OpenStack Platform director, then run the commands above manually on each overcloud node, \nWarning: Only running 'chmod 600 $key' alone (without an ACL) will prevent OpenStack from reading the key.\n[1] https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/11/html-single/advanced_overcloud_customization/#sect-Customizing_Overcloud_PostConfiguration_All"}, "name": "CVE-2017-12155", "package_state": [{"cpe": "cpe:/a:redhat:openstack:6", "fix_state": "Will not fix", "package_name": "openstack-tripleo-heat-templates", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6 (Juno)"}, {"cpe": "cpe:/a:redhat:openstack-director:7", "fix_state": "Will not fix", "package_name": "openstack-tripleo-heat-templates", "product_name": "Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) Director"}, {"cpe": "cpe:/a:redhat:openstack:12", "fix_state": "Not affected", "package_name": "rhosp-director", "product_name": "Red Hat OpenStack Platform 12 (Pike)"}, {"cpe": "cpe:/a:redhat:openstack-director:8", "fix_state": "Will not fix", "package_name": "openstack-tripleo-heat-templates", "product_name": "Red Hat OpenStack Platform 8 (Liberty) Director"}, {"cpe": "cpe:/a:redhat:openstack-director:9", "fix_state": "Will not fix", "package_name": "openstack-tripleo-heat-templates", "product_name": "Red Hat OpenStack Platform 9 (Mitaka) Director"}], "public_date": "2017-09-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-12155\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-12155"], "threat_severity": "Moderate", "upstream_fix": "puppet-tripleo 7.4.7, puppet-tripleo 6.5.7"}