Description: The skyring-setup command creates a random password for the mongodb skyring database, but it writes the password in plain text to /etc/skyring/skyring.conf, a file that is owned by root but readable by local users. Any local user with access to a system running the skyring service can obtain the password in plain text.
Acknowledgments: Name: Siddharth Sharma
Mitigation: ~]# chmod 600 /etc/skyring/skyring.conf
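To confirm the mitigation took effect, the following added example (not skyring code; the helper names are hypothetical) checks whether group or other users have any access to a secret-bearing file and applies the `chmod 600` fix. It goes one step beyond the mitigation by showing how a setup script can create such a file under `umask 077` so it is never exposed, and it assumes a `stat` that supports `-c` (GNU or BusyBox).

```shell
#!/bin/sh
# Added example, not skyring code. Helper names are hypothetical.
# Assumes a stat that supports -c (GNU coreutils or BusyBox).

# Report whether group/other have any access to a secret-bearing file.
# Prints one of: ok | exposed | missing
secret_file_state() {
    [ -f "$1" ] || { echo missing; return 0; }
    mode=$(stat -c '%a' "$1") || return 1
    mode=$(printf '%04o' "0$mode")      # normalise, e.g. 644 -> 0644
    case "$mode" in
        ??00) echo ok ;;                # no group or other bits set
        *)    echo exposed ;;
    esac
}

# Apply the advisory's mitigation and confirm it took effect.
harden_secret_file() {
    chmod 600 "$1" && [ "$(secret_file_state "$1")" = ok ]
}

# Create a secret-bearing file that is never readable by other users,
# even briefly: umask 077 is set in a subshell before the file exists.
write_secret_file() {
    ( umask 077 && printf '%s\n' "$2" > "$1" )
}

# Demo on a constructed file in a temporary directory.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'constructed-sample-password\n' > "$tmp/skyring.conf"
    chmod 644 "$tmp/skyring.conf"       # reproduce the exposed state
    echo "before: $(secret_file_state "$tmp/skyring.conf")"
    harden_secret_file "$tmp/skyring.conf"
    echo "after:  $(secret_file_state "$tmp/skyring.conf")"
    rm -rf "$tmp"
}

demo
```

On an affected host, run `secret_file_state /etc/skyring/skyring.conf` as root before and after the mitigation. Because the password was readable before the fix, tightening the mode does not undo any earlier disclosure.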
Hello folks, I think that recently CVE-2017-2665 had CPE information added. According to the description of the CVE and this bug report, it seems that it just affects rhscon-core. Is this right? Please let me know and I'll try to request an amendment via <https://cveform.mitre.org/>. Thank you!