CVE-2017-1000199

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-1000199
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-1000199.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-1000199
Downstream
Related
Published
2017-11-17T02:29:00.957Z
Modified
2026-04-11T17:12:22.195586Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so resulting in non-privileged users being able to check for existence of any file with root privileges.

References

Affected packages

Git / github.com/open-iscsi/tcmu-runner

Affected ranges

Type
GIT
Repo
https://github.com/open-iscsi/tcmu-runner
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
592d68205fb01140255d4e8596c0ba8979da3ea9
Last affected
1624c9ad92efbd0840096f428ddfed6aa508f862
Last affected
ab770251f78374f9538d6b3c961298d49185ed78
Last affected
351b1ed70fcca1dfb43f0a619b980a12d3961b35
Last affected
be0875db70cd6ff804bfddd26a3428c6b69cffed
Last affected
00e858fc173173b2e4a45d61aca853016f8e6827
Last affected
8ed4677eb930952c018dc9a505f73f1d91ae9a05
Last affected
c7683ad32429adf707f4d94c23bd065c51949b50
Last affected
00658265d83d0573168a2f045af154227074870c
Last affected
3d335660333b98cd5bdb8983a619c3b00b814b3e
Database specific 
{
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.9.1"
        },
        {
            "last_affected": "0.9.2"
        },
        {
            "last_affected": "0.9.3"
        },
        {
            "last_affected": "0.9.4"
        },
        {
            "last_affected": "1.0.5"
        },
        {
            "last_affected": "1.1.0"
        },
        {
            "last_affected": "1.1.1"
        },
        {
            "last_affected": "1.1.2"
        },
        {
            "last_affected": "1.1.3"
        },
        {
            "last_affected": "1.2.0"
        }
    ],
    "cpe": [
        "cpe:2.3:a:tcmu-runner_project:tcmu-runner:0.9.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:tcmu-runner_project:tcmu-runner:0.9.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:tcmu-runner_project:tcmu-runner:0.9.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:tcmu-runner_project:tcmu-runner:0.9.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:tcmu-runner_project:tcmu-runner:1.0.5:*:*:*:*:*:*:*",
        "cpe:2.3:a:tcmu-runner_project:tcmu-runner:1.1.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:tcmu-runner_project:tcmu-runner:1.1.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:tcmu-runner_project:tcmu-runner:1.1.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:tcmu-runner_project:tcmu-runner:1.1.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:tcmu-runner_project:tcmu-runner:1.2.0:*:*:*:*:*:*:*"
    ]
}

Affected versions

v0.*
v0.8
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v0.9.4
v1.*
v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.2.0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-1000199.json"