Candidate: CVE-2017-2621
PublicDate: 2018-07-27 18:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2621
 https://bugzilla.redhat.com/show_bug.cgi?id=1420990
Description:
 An access-control flaw was found in the OpenStack Orchestration (heat)
 service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was
 improperly made world readable. A malicious system user could exploit this
 flaw to access sensitive information.
Ubuntu-Description:
Notes:
 mdeslaur> Debian/Ubuntu packaging properly sets up permissions
Bugs:
Priority: medium
Discovered-by: Hans Feldt
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N [5.5 MEDIUM]
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N [5.5 MEDIUM]

Patches_heat:
upstream_heat: needs-triage
precise_heat: DNE
precise/esm_heat: DNE
trusty_heat: not-affected (2014.1.5-0ubuntu1)
trusty/esm_heat: DNE (trusty was not-affected [2014.1.5-0ubuntu1])
vivid/stable-phone-overlay_heat: DNE
vivid/ubuntu-core_heat: DNE
xenial_heat: not-affected (1:6.1.2-0ubuntu1)
esm-infra/xenial_heat: not-affected (1:6.1.2-0ubuntu1)
yakkety_heat: ignored (reached end-of-life)
zesty_heat: not-affected (1:8.0.2-0ubuntu1)
devel_heat: not-affected (1:9.0.0~rc1-0ubuntu2)