CVE-2017-12155

CVE Database · CVE-2017-12155

CVE-2017-12155

· N/AModified

CVSS v3.1

N/A

EPSS

0.29%

Published

Dec 12, 2017

Modified

May 12, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume.

Weaknesses (CWE)

CWE-306

Affected Products (1)

ceph · cephvulnerable

References (10)

https://access.redhat.com/errata/RHSA-2018:0602

https://access.redhat.com/errata/RHSA-2018:1593

https://access.redhat.com/errata/RHSA-2018:1627

https://bugs.launchpad.net/tripleo/+bug/1720787

Issue TrackingPatch

https://bugzilla.redhat.com/show_bug.cgi?id=1489360

Issue TrackingMitigation

https://access.redhat.com/errata/RHSA-2018:0602

https://access.redhat.com/errata/RHSA-2018:1593

https://access.redhat.com/errata/RHSA-2018:1627

https://bugs.launchpad.net/tripleo/+bug/1720787

Issue Tracking

KEV Catalog EPSS Scores Vendors All CVEs