Vulnerability Details CVE-2017-1000199
tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so resulting in non-privileged users being able to check for existence of any file with root privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2017-1000199
-
cpe:2.3:a:tcmu-runner_project:tcmu-runner:0.9.1
-
cpe:2.3:a:tcmu-runner_project:tcmu-runner:0.9.2
-
cpe:2.3:a:tcmu-runner_project:tcmu-runner:0.9.3
-
cpe:2.3:a:tcmu-runner_project:tcmu-runner:0.9.4
-
cpe:2.3:a:tcmu-runner_project:tcmu-runner:1.0.5
-
cpe:2.3:a:tcmu-runner_project:tcmu-runner:1.1.0
-
cpe:2.3:a:tcmu-runner_project:tcmu-runner:1.1.1
-
cpe:2.3:a:tcmu-runner_project:tcmu-runner:1.1.2
-
cpe:2.3:a:tcmu-runner_project:tcmu-runner:1.1.3
-
cpe:2.3:a:tcmu-runner_project:tcmu-runner:1.2.0