CVE-2017-15103 — HIGH (8.8)

Vulnerability Description

A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation.

CVSS Score

8.8

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Heketi Project	Heketi	5.0
Redhat	Enterprise Linux	7.0

Related Weaknesses (CWE)

CWE-20 CWE-78

References

https://access.redhat.com/errata/RHSA-2017:3481Third Party Advisory
https://access.redhat.com/security/cve/CVE-2017-15103Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1510147Issue TrackingPatch
https://access.redhat.com/errata/RHSA-2017:3481Third Party Advisory
https://access.redhat.com/security/cve/CVE-2017-15103Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1510147Issue TrackingPatch

FAQ

What is CVE-2017-15103?

CVE-2017-15103 is a vulnerability with a CVSS score of 8.8 (HIGH). A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote c...

How severe is CVE-2017-15103?

CVE-2017-15103 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-15103?

Check the references section above for vendor advisories and patch information. Affected products include: Heketi Project Heketi, Redhat Enterprise Linux.