CVE-2017-15104: Information Exposure

December 18, 2017 (updated March 12, 2020)

An access flaw was found in Heketi, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file.

References

bugzilla.redhat.com/show_bug.cgi?id=1510149
nvd.nist.gov/vuln/detail/CVE-2017-15104

Code Behaviors & Features

Detect and mitigate CVE-2017-15104 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →