CVE-2014-5247
Published Aug 29, 2014
Last updated a year ago
Overview
- Description
- The _UpgradeBeforeConfigurationChange function in lib/client/gnt_cluster.py in Ganeti 2.10.0 before 2.10.7 and 2.11.0 before 2.11.5 uses world-readable permissions for the configuration backup file, which allows local users to obtain SSL keys, remote API credentials, and other sensitive information by reading the file, related to the upgrade command.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 2.1
- Impact score
- 2.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-264
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:spi-inc:ganeti:2.10.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F66B137A-661B-4A33-B42D-36086C5CE25F"
},
{
"criteria": "cpe:2.3:a:spi-inc:ganeti:2.10.0:beta1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CD3870AD-723B-4EE6-B86F-759126E06F21"
},
{
"criteria": "cpe:2.3:a:spi-inc:ganeti:2.10.0:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0A8CBB01-AA66-4262-A3DF-26DED8E1B243"
},
{
"criteria": "cpe:2.3:a:spi-inc:ganeti:2.10.0:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4F6F8F9E-2942-45A9-A3DF-7A2B3392110C"
},
{
"criteria": "cpe:2.3:a:spi-inc:ganeti:2.10.0:rc3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E4946A0E-7FAF-49D1-85B7-5CE8A31B9F3D"
},
{
"criteria": "cpe:2.3:a:spi-inc:ganeti:2.10.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1C0A6331-D11E-4062-8883-3B0A8661CE20"
},
{
"criteria": "cpe:2.3:a:spi-inc:ganeti:2.10.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "74F1C8B8-9A50-45E5-8CCA-425199DEB994"
},
{
"criteria": "cpe:2.3:a:spi-inc:ganeti:2.10.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1136452D-0A89-4E27-B6FA-F08236885FFF"
},
{
"criteria": "cpe:2.3:a:spi-inc:ganeti:2.10.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "22D6DAB2-3455-4532-8FC9-FB04DD71B9B6"
},
{
"criteria": "cpe:2.3:a:spi-inc:ganeti:2.10.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F038EE62-9261-4D28-BC3C-8692FCA87115"
},
{
"criteria": "cpe:2.3:a:spi-inc:ganeti:2.10.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "35ECC2AA-C63F-4794-A62D-B78ED6F82DD5"
},
{
"criteria": "cpe:2.3:a:spi-inc:ganeti:2.11.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "773D755E-7E1E-460E-A753-9AB5AA67759E"
},
{
"criteria": "cpe:2.3:a:spi-inc:ganeti:2.11.0:beta1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4B85FCE9-38B9-437D-AA42-A5C258A1D785"
},
{
"criteria": "cpe:2.3:a:spi-inc:ganeti:2.11.0:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4806E38C-C58B-4C41-A2BB-D6ABB2A392C1"
},
{
"criteria": "cpe:2.3:a:spi-inc:ganeti:2.11.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AB162407-8069-43A6-8F93-492E6EBF17C2"
},
{
"criteria": "cpe:2.3:a:spi-inc:ganeti:2.11.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "997067C6-82FC-4917-A16C-3E8D7F1DFC77"
},
{
"criteria": "cpe:2.3:a:spi-inc:ganeti:2.11.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "15071497-2E59-4EA1-ACDC-5D6AC2703226"
},
{
"criteria": "cpe:2.3:a:spi-inc:ganeti:2.11.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9FA19307-8A03-4161-9A15-BA8C7FD83F3B"
}
],
"operator": "OR"
}
]
}
]