CVE-2017-2665

MEDIUM

MongoDB - Insufficiently Protected Credentials

Title source: rule

Description

The skyring-setup command creates a random password for the MongoDB skyring database, but it writes that password in plain text to the /etc/skyring/skyring.conf file, which is owned by root but readable by local users. Any local user with access to a system running the skyring service can obtain the password in plain text.

Scores

CVSS v3 4.8
EPSS 0.0004
EPSS Percentile 12.4%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Classification

CWE
CWE-522
Status published

Affected Products (2)

mongodb/mongodb
redhat/storage_console

Timeline

Published Jul 06, 2018
Tracked Since Feb 18, 2026