Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe

Filtered by product Storage Console

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2017-2665	2 Mongodb, Redhat	2 Mongodb, Storage Console	2019-10-09	1.9 LOW	7.0 HIGH
The skyring-setup command creates random password for mongodb skyring database but it writes password in plain text to /etc/skyring/skyring.conf file which is owned by root but read by local user. Any local user who has access to system running skyring service will be able to get password in plain text.
CVE-2016-7062	1 Redhat	2 Storage Console, Storage Console Node	2017-07-05	2.1 LOW	7.8 HIGH
rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext.