← back
CVE-2017-15103

CVE-2017-15103

EPSS 5.5%CWE-78
A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation.
Affected products
Heketi · Heketi

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://access.redhat.com/errata/RHSA-2017:3481https://access.redhat.com/security/cve/CVE-2017-15103https://bugzilla.redhat.com/show_bug.cgi?id=1510147