CVE-2017-15104 - AskarLabs CVE Database

CVE-2017-15104

Vendor Heketi

Product Heketi

Weakness CWE-552 · Files accessible externally

Published December 18, 2017

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file.

Key dates

02Disclosure timeline

December 18, 2017 CVE published

August 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2017-15104

Related vulnerabilities

04Related CVE

CVE-2021-34765 Cisco Nexus Insights Authenticated Information Disclosure Vulnerability CVE-2023-2766 Weaver OA jx2_config.ini file access CVE-2009-10005 ContentKeeper Web Appliance < 125.10 Arbitrary File Access via mimencode CVE-2018-1079 CVE-2021-32008 Logged-in Administrator may get unrestricted file system access