VDB
CVE-2018-16849
CVE-2018-16849
PUBLISHED
A flaw was found in openstack-mistral. By manipulating the SSH private key filename, the std.ssh action can be used to disclose the presence of arbitrary files within the filesystem of the executor running the action. Since std.ssh private_key_filename can take an absolute path, it can be used to assess whether or not a file exists on the executor's filesystem.
EPSS 0.18% · 39.8th percentile
Risk Scores
EPSS Score
0.18%
39.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:18.04:LTS | mistral | 5.0.0-0ubuntu1, 0, 6.0.0~b1-0ubuntu2 |
| Ubuntu:Pro:16.04:LTS | mistral | 0, 1.0.0-1, 1.0.0-4 |
Exploit Intelligence
Timeline
- Nov 2, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-16849 third-party-advisory
- https://bugs.launchpad.net/mistral/+bug/1783708 third-party-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16849 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-16849 third-party-advisory
- https://ubuntu.com/security/notices/USN-7465-1 vendor-advisory