Information disclosure in Red Hat OpenStack - CVE-2017-2621
Published: May 19, 2017
Vulnerability identifier: #VU6609
CSH Severity: Low
CVE-ID: CVE-2017-2621
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Red Hat Inc.
Affected software:
Red Hat OpenStack
Detailed vulnerability description
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to improper security restrictions on the /var/log/heat directory. A local attacker can navigate to the /var/log/heat directory and gain access to important data such as log files.
Successful exploitation of the vulnerability results in information disclosure on the target system.
How to mitigate CVE-2017-2621
Install the update from the vendor's website.
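To check whether a host exposes the directory described above, the following added example (not part of the original advisory or of any vendor tooling) lists every entry under a log directory that grants read, write or execute permission to "other" users. It assumes no unprivileged local account needs these logs; the function names are hypothetical, and the advisory does not state which permissions the update applies.

```shell
#!/bin/sh
# Added example: audit a log directory for entries that unprivileged
# local users can reach. Assumption: "other" should have no access at all.

# list_world_accessible DIR
# Prints an `ls -ld` line for every entry under DIR (DIR included) that
# has any "other" permission bit set. Symlinks are skipped because their
# own mode bits are always rwxrwxrwx and carry no meaning.
list_world_accessible() {
    find "$1" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) \
        -exec ls -ld {} +
}

# audit_log_dir DIR
# Returns 0 when nothing is exposed, 1 when at least one entry is,
# and 2 when DIR does not exist on this host.
audit_log_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "SKIP: $dir does not exist" >&2
        return 2
    fi
    findings=$(list_world_accessible "$dir")
    if [ -n "$findings" ]; then
        echo "EXPOSED: entries under $dir are accessible to other users:"
        echo "$findings"
        return 1
    fi
    echo "OK: nothing under $dir is accessible to other users"
    return 0
}

# Run as: sh audit.sh /var/log/heat   (needs enough privilege to walk DIR)
if [ "$#" -gt 0 ]; then
    audit_log_dir "$1"
fi
```

A non-zero exit status makes the script usable as a compliance check in configuration management or a scheduled job.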