Vulnerability CVE-2017-15103


Published: 2017-12-18

Description:
A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation.

Type:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:S/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9/10
10/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Redhat -> Enterprise linux 
Heketi project -> Heketi 

 References:
https://access.redhat.com/errata/RHSA-2017:3481
https://access.redhat.com/security/cve/CVE-2017-15103
https://bugzilla.redhat.com/show_bug.cgi?id=1510147

Copyright 2024, cxsecurity.com

 

Back to Top