CVE-2017-2627

A flaw was found in openstack-tripleo-common as shipped with Red Hat OpenStack Enterprise 10 and 11. The sudoers file installed by OSP's openstack-tripleo-common package is much too permissive: it contains several lines for the mistral user with wildcards that allow directory traversal with '..', and it grants full passwordless root access to the validations user.
References
Link: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2627
Resource: Issue Tracking, Vendor Advisory

Configurations

Configuration 1

OR cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*

Configuration 2

cpe:2.3:a:openstack:tripleo-common:-:*:*:*:*:*:*:*

Information

Published : 2018-08-22 10:29

Updated : 2021-08-04 10:15


NVD link : CVE-2017-2627

Mitre link : CVE-2017-2627


CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')


Products Affected

openstack

  • tripleo-common

redhat

  • openstack