CVE-2017-2627 HIGH

Vendor Red Hat
Product openstack-tripleo-common
Weakness CWE-22 · Path traversal
Published August 22, 2018
Last update August 5, 2024

CVSS base score

8.2/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

A flaw was found in openstack-tripleo-common as shipped with Red Hat OpenStack Enterprise 10 and 11. The sudoers file installed by OSP's openstack-tripleo-common package is much too permissive. It contains several lines for the mistral user whose wildcards allow directory traversal with '..', and it grants full passwordless root access to the validations user.

Key dates

02 Disclosure timeline

August 22, 2018 CVE published
August 5, 2024 Record updated