CVE-2023-6725
Published: 15 March 2024
An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information.
Notes
Author | Note |
---|---|
mdeslaur | In Ubuntu, the /etc/designate directory isn't world-readable, so this likely isn't an issue. Deferring this CVE until we get more information. |
yomonokio | The issue is specific to RH OpenStack Platform packaging |
Priority
Status
Package | Release | Status |
---|---|---|
designate Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
focal |
Not vulnerable
(code not present)
|
|
jammy |
Not vulnerable
(code not present)
|
|
mantic |
Not vulnerable
(code not present)
|
|
noble |
Not vulnerable
(code not present)
|
|
upstream |
Not vulnerable
(code not present)
|
|
xenial |
Not vulnerable
(code not present)
|