Bug 2249273 (CVE-2023-6725)
Summary: | CVE-2023-6725 tripleo-ansible: bind keys are world readable | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Nick Tait <ntait> |
Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
Status: | NEW --- | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | beagles, eglynn, jjoyce, jschluet, lhh, lsvaty, mburns, mgarciac, michjohn, njohnston, pgrist, rhos-maint, scohen, security-response-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | Type: | --- | |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2239495, 2249276, 2279579, 2249274, 2249275 | ||
Bug Blocks: | 2240099 |
Description
Nick Tait
2023-11-11 21:26:56 UTC
I've added you as reporter credit to the CVE page, if you'd prefer not to be credited or there's someone else who should be on it too, let me know and I modify it. I have no problem with that. |