CVE-2017-2665
MEDIUM
MongoDB - Insufficiently Protected Credentials in Skyring Configuration File
Description
The skyring-setup command creates a random password for the MongoDB skyring database, but it writes that password in plain text to the /etc/skyring/skyring.conf file, which is owned by root but readable by local users. Any local user with access to a system running the skyring service can obtain the password in plain text.
References (2)
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/97612
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2665
Scores
CVSS v3
4.8
EPSS
0.0033
EPSS Percentile
24.3%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Details
CWE
CWE-522
Status
published
Products (2)
mongodb/mongodb
redhat/storage_console
2.0
Published
Jul 06, 2018
Tracked Since
Feb 18, 2026