CVE-2017-15104

Published December 18th, 2017

View on NVD ↗

CVSS v3

7.8

HIGH

CVSS v2

2.1

LOW

Affected

PROJECT

Description

An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file.

heketi/heketi

RESTful based volume management framework for GlusterFS

GitHub

1.26K