Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-17954

An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue affects: SUSE OpenStack Cloud 7 crowbar-core versions prior to 4.0+git.1578392992.fabfd186c-9.63.1, crowbar-. SUSE OpenStack Cloud 8 ardana-cinder versions prior to 8.0+git.1579279939.ee7da88-3.39.3, ardana-. SUSE OpenStack Cloud 9 ardana-ansible versions prior to 9.0+git.1581611758.f694f7d-3.16.1, ardana-. SUSE OpenStack Cloud Crowbar 8 crowbar-core versions prior to 5.0+git.1582968668.1a55c77c5-3.35.4, crowbar-. SUSE OpenStack Cloud Crowbar 9 crowbar-core versions prior to 6.0+git.1582892022.cbd70e833-3.19.3, crowbar-.

Published

2020-04-03T07:15:11.400

Last Modified

2024-11-21T03:55:16.353

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.3 (CRITICAL)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-269
Type: Primary
CWE-269

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	suse	openstack_cloud	7.0	Yes
Application	suse	openstack_cloud	8.0	Yes
Application	suse	openstack_cloud	9.0	Yes
Application	suse	openstack_cloud_crowbar	8.0	Yes
Application	suse	openstack_cloud_crowbar	9.0	Yes

References

https://bugzilla.suse.com/show_bug.cgi?id=1117080 ([email protected])
https://bugzilla.suse.com/show_bug.cgi?id=1117080 (af854a3a-2127-422b-91ae-364da2661108)