-----------------------
Title: Multiple Cinder drivers set insecure file permissions
Reporter: Dirk Mueller (SUSE)
Products: Cinder
Affects: All supported versions
Description:
Dirk Mueller from SUSE reported that GPFS, Huawei, Scality and Nexenta Cinder drivers were setting insecure file permissions for various files. A local attacker with shell access to the Cinder host could read and write those files, which may result in disclosure or corruption of block storage users information. Only Cinder setups using the GPFS, Huawei, Scality or Nexenta drivers are affected.
Proposed impact description:
------- ------- ------- --
Title: Multiple Cinder drivers set insecure file permissions
Reporter: Dirk Mueller (SUSE)
Products: Cinder
Affects: All supported versions
Description:
Dirk Mueller from SUSE reported that GPFS, Huawei, Scality and Nexenta Cinder drivers were setting insecure file permissions for various files. A local attacker with shell access to the Cinder host could read and write those files, which may result in disclosure or corruption of block storage users information. Only Cinder setups using the GPFS, Huawei, Scality or Nexenta drivers are affected.