Vulnerability Details CVE-2017-15103
A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 77.5%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
References
- https://access.redhat.com/errata/RHSA-2017:3481
- https://access.redhat.com/security/cve/CVE-2017-15103
- https://bugzilla.redhat.com/show_bug.cgi?id=1510147
- https://access.redhat.com/errata/RHSA-2017:3481
- https://access.redhat.com/security/cve/CVE-2017-15103
- https://bugzilla.redhat.com/show_bug.cgi?id=1510147
Products affected by CVE-2017-15103
-
cpe:2.3:a:heketi_project:heketi:5.0
-
cpe:2.3:o:redhat:enterprise_linux:7.0