Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Redhat Subscribe
Filtered by product Storage Console
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-7481 3 Canonical, Debian, Redhat 10 Ubuntu Linux, Debian Linux, Ansible Engine and 7 more 2021-08-04 7.5 HIGH 9.8 CRITICAL
Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated.
CVE-2017-2665 2 Mongodb, Redhat 2 Mongodb, Storage Console 2019-10-09 1.9 LOW 7.0 HIGH
The skyring-setup command creates random password for mongodb skyring database but it writes password in plain text to /etc/skyring/skyring.conf file which is owned by root but read by local user. Any local user who has access to system running skyring service will be able to get password in plain text.
CVE-2016-7062 1 Redhat 2 Storage Console, Storage Console Node 2017-07-05 2.1 LOW 7.8 HIGH
rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext.