{"containers": {"cna": {"affected": [{"product": "Heketi", "vendor": "Heketi", "versions": [{"status": "affected", "version": "5.0"}]}], "datePublic": "2017-12-18T00:00:00", "descriptions": [{"lang": "en", "value": "An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-552", "description": "CWE-552", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-12-19T10:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2017:3481", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:3481"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1510149"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://access.redhat.com/security/cve/CVE-2017-15104"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/heketi/heketi/releases/tag/v5.0.1"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T19:50:15.558Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2017:3481", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:3481"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1510149"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://access.redhat.com/security/cve/CVE-2017-15104"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/heketi/heketi/releases/tag/v5.0.1"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-15104", "dateReserved": "2017-10-08T00:00:00", "dateUpdated": "2024-08-05T19:50:15.558Z", "state": "PUBLISHED", "datePublished": "2017-12-18T19:00:00Z"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:heketi_project:heketi:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "295217EA-588B-49B5-AA83-E0FCC641CBFF", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad de acceso en Heketi 5, donde el archivo de configuraci\u00f3n heketi.json puede ser le\u00eddo por cualquier usuario. Un atacante que tenga acceso local al servidor Heketi podr\u00eda leer contrase\u00f1as en texto plano del archivo heketi.json."}], "id": "CVE-2017-15104", "lastModified": "2023-02-12T23:28:30.740", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-12-18T19:29:00.247", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:3481"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2017-15104"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1510149"}, {"source": "secalert@redhat.com", "tags": ["Release Notes"], "url": "https://github.com/heketi/heketi/releases/tag/v5.0.1"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-552"}], "source": "secalert@redhat.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"acknowledgement": "This issue was discovered by Siddharth Sharma (Red Hat).", "affected_release": [{"advisory": "RHSA-2017:3481", "cpe": "cpe:/a:redhat:storage:3.3:server:el7", "package": "heketi-0:5.0.0-19.el7rhgs", "product_name": "Red Hat Gluster Storage 3.3 for RHEL 7", "release_date": "2017-12-18T00:00:00Z"}], "bugzilla": {"description": "heketi: Information disclosure through world readable file", "id": "1510149", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1510149"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-552", "details": ["An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file.", "An access flaw was found in heketi, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file."], "name": "CVE-2017-15104", "public_date": "2017-12-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-15104\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15104"], "threat_severity": "Low"}