CVE-2023-6725
Published: 15 March 2024
An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information.
Notes
Author | Note |
---|---|
mdeslaur | In Ubuntu, the /etc/designate directory isn't world-readable, so this likely isn't an issue. Deferring this CVE until we get more information. |