CVE-2014-5247
REJECTED
The _UpgradeBeforeConfigurationChange function in lib/client/gnt_cluster.py in Ganeti 2.10.0 before 2.10.7 and 2.11.0 before 2.11.5 uses world-readable permissions for the configuration backup file, which allows local users to obtain SSL keys, remote API credentials, and other sensitive information by reading the file, related to the upgrade command.
EPSS 0.07% · 21.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | ganeti | 0, 2.15.1-1, 2.15.2-1 |
Exploit Intelligence
- http://git.ganeti.org/?p=ganeti.git%3Ba=commit%3Bh=a89f62e2db9ccf715d64d1a6322474b54d2d9ae0 (circl)
- ganeti-gntcluster-info-disc(95256) (circl)
- 20140812 [oCERT-2014-006] Ganeti insecure archive permission (circl)
- 69186 (circl)
- [oss-security] 20140814 Re: [oCERT-2014-006] Ganeti insecure archive permission (circl)
- http://www.ocert.org/advisories/ocert-2014-006.html (circl)
- http://packetstormsecurity.com/files/127851/Ganeti-Insecure-Archive-Permission.html (vulncheck-nvd)
Timeline
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2014-5247 third-party-advisory
- http://www.ocert.org/advisories/ocert-2014-006.html third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2014-5247 third-party-advisory