Medium severity 6.3 · NVD Advisory · Published Dec 12, 2017 · Updated May 13, 2026
CVE-2017-12155
Description
A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| tripleo-heat-templates (PyPI) | < 7.0.6 | 7.0.6 |
Affected products
- OpenStack/openstack-tripleo-heat-templates v5. Range: Newton, Ocata, Pike and possibly older
Patches
No patches discovered yet.
References
- bugs.launchpad.net/tripleo/+bug/1720787 (nvd; Issue Tracking, Patch, WEB)
- github.com/advisories/GHSA-w8gx-hhcx-px6w (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2017-12155 (ghsa; ADVISORY)
- access.redhat.com/errata/RHSA-2018:0602 (nvd; WEB)
- access.redhat.com/errata/RHSA-2018:1593 (nvd; WEB)
- access.redhat.com/errata/RHSA-2018:1627 (nvd; WEB)
- bugzilla.redhat.com/show_bug.cgi (nvd; Issue Tracking, Mitigation, WEB)
- opendev.org/openstack/tripleo-heat-templates/commit/a18fd59077d97de83496c85c017b9d256a3eddd4 (ghsa; WEB)
- opendev.org/openstack/tripleo-heat-templates/commit/ce7b65f443d38a6627631f53cb22336338e97d30 (ghsa; WEB)