1
Candidate: CVE-2017-15114
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15114
5
https://bugzilla.redhat.com/show_bug.cgi?id=1510015
6
https://review.openstack.org/#/c/519015/
8
When libvirtd is configured by OSP director (tripleo-heat-templates) to use
9
the TLS transport it defaults to the same certificate authority as all
10
non-libvirtd services. As no additional authentication is configured this
11
allows these services to connect to libvirtd (which is equivalent to root
12
access). If a vulnerability exists in another service it could, combined
13
with this flaw, be exploited to escalate privileges to gain control over
23
Patches_tripleo-heat-templates:
24
upstream_tripleo-heat-templates: needs-triage
25
precise/esm_tripleo-heat-templates: DNE
26
trusty_tripleo-heat-templates: DNE
27
xenial_tripleo-heat-templates: needs-triage
28
zesty_tripleo-heat-templates: ignored (reached end-of-life)
29
artful_tripleo-heat-templates: needs-triage
30
bionic_tripleo-heat-templates: needs-triage
31
devel_tripleo-heat-templates: DNE