What is CVE-2018-17954?

CVE-2018-17954 is a critical-severity vulnerability in Suse Openstack Cloud 7, classified under Improper Privilege Management. CVSS score: 9.3/10. Published 2020-04-03.

How severe is CVE-2018-17954?

Critical severity. CVSS v3 base score is 9.3 out of 10.

Privilege escalation in Suse Openstack Cloud 7

CVE-2018-17954

An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause be…

Vulnerability class: Privilege Escalation

EPSS: 0.000 (13.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.3 (Critical). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.

Affected products

Suse Openstack Cloud 7 — versions crowbar-core
Suse Openstack Cloud 8 — versions ardana-cinder
Suse Openstack Cloud 9 — versions ardana-ansible
Suse Openstack Cloud Crowbar 8 — versions crowbar-core
Suse Openstack Cloud Crowbar 9 — versions crowbar-core

Weakness classification (CWE)

CWE-269 — Improper Privilege Management

References

bugzilla.suse.com/show_bug.cgi

Frequently asked questions

What is CVE-2018-17954?: CVE-2018-17954 is a critical-severity vulnerability in Suse Openstack Cloud 7, classified under Improper Privilege Management. CVSS score: 9.3/10. Published 2020-04-03.
How severe is CVE-2018-17954?: Critical severity. CVSS v3 base score is 9.3 out of 10.