Channel Accessible by Non-Endpoint

CVE-2017-15086

High

7.4/10

Summary

It was discovered that the fix for CVE-2017-12151 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-300 - Channel Accessible by Non-Endpoint

The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.

References

Advisory Timeline

Published Nov 08, 2017

Channel Accessible by Non-Endpoint

CVE-2017-15086

Summary

CWE-300 - Channel Accessible by Non-Endpoint

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS