Heketi
CVE-2017-15104
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file.
AnalysisAI
An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-552. An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file. Affected products include: Heketi Project Heketi, Redhat Enterprise Linux.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
It was found that default configuration of Heketi does not require any authentication potentially exposing the managemen
A security-check flaw was found in the way the Heketi 5 server API handled user requests. Rated high severity (CVSS 8.8)
An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. Rated medium severi
Same technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today