CVE-2017-1000199

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-1000199

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-1000199.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2017-1000199

Related

Published

2017-11-17T02:29:00Z

Modified

2025-01-08T04:21:14.011053Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so resulting in non-privileged users being able to check for existence of any file with root privileges.

References

Affected packages

Git / github.com/open-iscsi/tcmu-runner

Affected ranges

Type: GIT
Repo: https://github.com/open-iscsi/tcmu-runner
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

00658265d83d0573168a2f045af154227074870c

Last affected

00e858fc173173b2e4a45d61aca853016f8e6827

Last affected

1624c9ad92efbd0840096f428ddfed6aa508f862

Last affected

351b1ed70fcca1dfb43f0a619b980a12d3961b35

Last affected

3d335660333b98cd5bdb8983a619c3b00b814b3e

Last affected

592d68205fb01140255d4e8596c0ba8979da3ea9

Last affected

8ed4677eb930952c018dc9a505f73f1d91ae9a05

Last affected

ab770251f78374f9538d6b3c961298d49185ed78

Last affected

be0875db70cd6ff804bfddd26a3428c6b69cffed

Last affected

c7683ad32429adf707f4d94c23bd065c51949b50

Affected versions

v0.*

v0.8

v0.8.1

v0.8.2

v0.8.3

v0.8.4

v0.9.0

v0.9.1

v0.9.2

v0.9.3

v0.9.4

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.0.3

v1.0.4

v1.1.0

v1.1.1

v1.1.2

v1.1.3