CVE-2017-15103
Summary
| CVE | CVE-2017-15103 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-12-18 19:29:00 UTC |
| Updated | 2023-02-12 23:28:00 UTC |
| Description | A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation. |
Risk And Classification
Problem Types: CWE-78
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Heketi Project | Heketi | 5.0 | All | All | All |
| Application | Heketi Project | Heketi | 5.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Bug 1510147 – CVE-2017-15103 heketi: OS command injection in heketi API | CONFIRM | bugzilla.redhat.com | Issue Tracking, Patch |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | CONFIRM | access.redhat.com | Third Party Advisory |
| Red Hat Customer Portal | REDHAT | access.redhat.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.