An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file.
CPE | Name | Operator | Version |
---|---|---|---|
heketi | eq | 5.0.0 | |
enterprise_linux | eq | 7.0 |