CVE-2018-16849
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A flaw was found in openstack-mistral. By manipulating the SSH private key filename, the std.ssh action can be used to disclose the presence of arbitrary files within the filesystem of the executor running the action. Since std.ssh private_key_filename can take an absolute path, it can be used to assess whether or not a file exists on the executor's filesystem.
Se ha encontrado un error en openstack-mistral. Al manipular el nombre de archivo de la clave privada SSH, la acción std.ssh puede emplearse para revelar la presencia de archivos arbitrarios en el sistema de archivos del ejecutor que lleva a cabo la acción. Ya que std.ssh private_key_filename puede tomar una ruta absoluta, se puede emplear para determinar si existe un archivo o no en el sistema de archivos del ejecutor.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-09-11 CVE Reserved
- 2018-11-02 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://bugs.launchpad.net/mistral/+bug/1783708 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16849 | 2019-10-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Openstack-mistral Search vendor "Redhat" for product "Openstack-mistral" | < 7.0.1 Search vendor "Redhat" for product "Openstack-mistral" and version " < 7.0.1" | - |
Affected
| ||||||