High severity7.8NVD Advisory· Published Dec 18, 2017· Updated Jun 17, 2026
CVE-2017-15104
CVE-2017-15104
Description
An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/heketi/heketiGo | < 5.0.1 | 5.0.1 |
Affected products
4- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
7- access.redhat.com/errata/RHSA-2017:3481nvdThird Party AdvisoryWEB
- access.redhat.com/security/cve/CVE-2017-15104nvdThird Party AdvisoryWEB
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party AdvisoryWEB
- github.com/advisories/GHSA-q9vw-wr57-xjv3ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-15104ghsaADVISORY
- github.com/heketi/heketi/commit/787bae461b23003a4daa4d1d639016a754cf6b00ghsaWEB
- github.com/heketi/heketi/releases/tag/v5.0.1nvdRelease NotesWEB
News mentions
0No linked articles in our index yet.