High severity · NVD Advisory · Published Nov 2, 2018 · Updated Aug 5, 2024
CVE-2018-16849
Description
A flaw was found in openstack-mistral. By manipulating the SSH private key filename, the std.ssh action can be used to disclose the presence of arbitrary files within the filesystem of the executor running the action. Since std.ssh private_key_filename can take an absolute path, it can be used to assess whether or not a file exists on the executor's filesystem.
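One way an executor could confine `private_key_filename` so that it no longer reveals whether arbitrary files exist. This is an added example, not Mistral's code or the actual patch; `KEY_DIR`, `KeyUnavailable` and `resolve_private_key` are hypothetical names, and the key directory is an assumed deployment choice.

```python
import os
import tempfile

# Hypothetical directory holding the only keys an executor may use (assumption).
KEY_DIR = "/var/lib/example/ssh_keys"


class KeyUnavailable(Exception):
    """Single error for every rejection, so callers learn nothing about the filesystem."""


def resolve_private_key(private_key_filename, key_dir=KEY_DIR):
    """Return the real path of a key inside key_dir, or raise KeyUnavailable."""
    generic = KeyUnavailable("private key is not available")
    if not private_key_filename or "\x00" in private_key_filename:
        raise generic
    # Absolute paths are refused outright: they are what turns the
    # parameter into a probe of the executor's filesystem.
    if os.path.isabs(private_key_filename):
        raise generic
    base = os.path.realpath(key_dir)
    # realpath collapses ".." and follows symlinks before the containment check.
    candidate = os.path.realpath(os.path.join(base, private_key_filename))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise generic
    if not os.path.isfile(candidate):
        raise generic
    return candidate


def outcome(name, key_dir):
    """Demo helper: the message a workflow author would see for a given filename."""
    try:
        resolve_private_key(name, key_dir)
        return "ok"
    except KeyUnavailable as exc:
        return str(exc)


def demo():
    with tempfile.TemporaryDirectory() as d:  # constructed sample key directory
        open(os.path.join(d, "deploy_key"), "w").close()
        names = ["deploy_key", "/etc/passwd", "/no/such/file",
                 "../../etc/passwd", "missing_key"]
        return {n: outcome(n, d) for n in names}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name!r}: {result}")
```

Every rejected name, whether it points at an existing file outside the key directory, a nonexistent path, or a missing key, produces the same message, which removes the existence signal the description refers to.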
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| mistral (PyPI) | < 7.0.1 | 7.0.1 |
References
- github.com/advisories/GHSA-fqw7-c6vr-q29m (advisory)
- nvd.nist.gov/vuln/detail/CVE-2018-16849 (advisory)
- bugs.launchpad.net/mistral/+bug/1783708 (confirm)
- bugzilla.redhat.com/show_bug.cgi (confirm)
- github.com/openstack/mistral/commit/2309e5265a1d5f28480ae872817b5de05f66e83c (web)
- github.com/openstack/mistral/commit/c93b45a61f49d4633f76d8e117cd89063e7759c4 (web)
- github.com/pypa/advisory-database/tree/main/vulns/mistral/PYSEC-2018-92.yaml (web)