CVE-2018-17954

CRITICAL

SUSE OpenStack Cloud 7-9 and Crowbar 8-9 - Improper Privilege Management

Title source: llm

Description

An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue affects: SUSE OpenStack Cloud 7 crowbar-core versions prior to 4.0+git.1578392992.fabfd186c-9.63.1, crowbar-. SUSE OpenStack Cloud 8 ardana-cinder versions prior to 8.0+git.1579279939.ee7da88-3.39.3, ardana-. SUSE OpenStack Cloud 9 ardana-ansible versions prior to 9.0+git.1581611758.f694f7d-3.16.1, ardana-. SUSE OpenStack Cloud Crowbar 8 crowbar-core versions prior to 5.0+git.1582968668.1a55c77c5-3.35.4, crowbar-. SUSE OpenStack Cloud Crowbar 9 crowbar-core versions prior to 6.0+git.1582892022.cbd70e833-3.19.3, crowbar-.

References (1)

Core 1

Core References

Issue Tracking

https://bugzilla.suse.com/show_bug.cgi?id=1117080

Scores

CVSS v3 9.3

EPSS 0.0004

EPSS Percentile 12.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-269

Status published

Products (5)

suse/openstack_cloud 7.0

suse/openstack_cloud 8.0

suse/openstack_cloud 9.0

suse/openstack_cloud_crowbar 8.0

suse/openstack_cloud_crowbar 9.0

Published Apr 03, 2020

Tracked Since Feb 18, 2026