CVE-2017-2627

CVSS 8.2 HIGHEPSS 0.7%CWE-22

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8.2EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

22 Aug 2018Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11. The sudoers file as installed with OSP's openstack-tripleo-common package is much too permissive. It contains several lines for the mistral user that have wildcards that allow directory traversal with '..' and it grants full passwordless root access to the validations user.

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected products

Red Hat · openstack-tripleo-common

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2627