Description
A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume.
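The flaw above is purely a file-mode problem: the cephx secret in ceph.client.openstack.keyring is correct, but the file is created with the default umask (0644), so any local user can read the credential and then talk to the Ceph pools as the OpenStack client. The following is an added example, not code from tripleo-heat-templates or Red Hat, that audits a directory for keyrings readable by group or other and shows the hardened way to create one: pass the mode to os.open so the file is 0600 from the instant it exists, instead of creating it and chmod'ing afterwards, which leaves a window. The directory path, file pattern and keyring contents are assumptions constructed for the demo; on a real node the directory would be something like /etc/ceph.

```python
import os
import stat
import tempfile
from pathlib import Path

# Constructed dummy keyring; the key is not a real cephx secret.
SAMPLE_KEYRING = "[client.openstack]\n    key = AQDummyKeyForDemoOnly0000000000000000000==\n"


def keyring_exposure(path):
    """Return a list of findings for one keyring file, empty if only the
    owner can access it. Group read is flagged too: the cephx key is a
    bearer credential, so anyone in the group can impersonate the client."""
    perm = stat.S_IMODE(os.lstat(path).st_mode)
    findings = []
    if perm & stat.S_IROTH:
        findings.append("world-readable")
    if perm & stat.S_IRGRP:
        findings.append("group-readable")
    if perm & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("group/world-writable")
    return findings


def audit_keyrings(root, pattern="ceph.client.*.keyring"):
    """Walk root (assumed to be a Ceph config dir such as /etc/ceph) and map
    each keyring path to its findings."""
    return {str(p): keyring_exposure(p) for p in Path(root).rglob(pattern)}


def write_keyring_private(path, content):
    """Create the keyring with mode 0600 at creation time. The umask can only
    remove bits from 0o600, never add them, so the file is never world-readable.
    The trailing chmod covers the case where the file already existed with a
    wider mode (O_CREAT does not change the mode of an existing file)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        os.write(fd, content.encode())
    finally:
        os.close(fd)
    os.chmod(path, 0o600)
    return stat.S_IMODE(os.stat(path).st_mode)


def demo():
    """Constructed scenario in a temporary directory: one keyring left at the
    umask default of 0644 (the flaw described on this page) and one written
    privately. Returns {basename: findings} from the audit."""
    tmpdir = tempfile.mkdtemp(prefix="ceph-keyring-demo-")

    exposed = os.path.join(tmpdir, "ceph.client.openstack.keyring")
    with open(exposed, "w") as f:  # created with the process umask, as the flawed template did
        f.write(SAMPLE_KEYRING)
    os.chmod(exposed, 0o644)  # pin the mode so the demo does not depend on the caller's umask

    private = os.path.join(tmpdir, "ceph.client.cinder.keyring")
    write_keyring_private(private, SAMPLE_KEYRING)

    return {os.path.basename(p): f for p, f in audit_keyrings(tmpdir).items()}


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, "->", findings or "ok")
```

On a live system the same check is one line of shell (find /etc/ceph -name 'ceph.client.*.keyring' -perm /044), but the point of the Python version is the create-with-mode pattern in write_keyring_private: a chmod after the fact, which is what a template that creates the file and then fixes permissions in a later step does, still exposes the key between the two steps.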
References (5)
Vendor Advisory (Red Hat): https://access.redhat.com/errata/RHSA-2018:1593
Vendor Advisory (Red Hat): https://access.redhat.com/errata/RHSA-2018:1627
Issue Tracking, Mitigation: https://bugzilla.redhat.com/show_bug.cgi?id=1489360
Issue Tracking, Patch: https://bugs.launchpad.net/tripleo/+bug/1720787
Vendor Advisory (Red Hat): https://access.redhat.com/errata/RHSA-2018:0602
Scores
CVSS v3
6.3
EPSS
0.0003
EPSS Percentile
8.0%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-306
Status
published
Products (3)
ceph/ceph
OpenStack/openstack-tripleo-heat-templates
Newton, Ocata, Pike and possibly older
pypi/tripleo-heat-templates
0 - 7.0.6 (PyPI)
Published
Dec 12, 2017
Tracked Since
Feb 18, 2026