Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
openstack-tripleo-heat-templates包安全漏洞
Vulnerability Description
openstack-tripleo-heat-templates package是一套支持使用Openstack云设施对Openstack平台进行安装、升级等操作的通用模板软件包。 openstack-tripleo-heat-templates包中存在安全漏洞,该漏洞源于程序将ceph.client.openstack.keyring创建成全局可读取。本地攻击者可利用该漏洞读取或更改Ceph集群池上的数据。
CVSS Information
N/A
Vulnerability Type
N/A