CVE-2017-12155 is a vulnerability in OpenStack Tripleo Heat Templates
Published on December 12, 2017
A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume.
Products Associated with CVE-2017-12155
Want to know whenever a new CVE is published for OpenStack Tripleo Heat Templates? stack.watch will email you.
Affected Versions
openstack-tripleo-heat-templates Version Newton, Ocata, Pike and possibly older is affected by CVE-2017-12155Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.