CVE-2018-16849 in openstack-mistral

Summary

by MITRE

A flaw was found in openstack-mistral. By manipulating the SSH private key filename, the std.ssh action can be used to disclose the presence of arbitrary files within the filesystem of the executor running the action. Since std.ssh private_key_filename can take an absolute path, it can be used to assess whether or not a file exists on the executor's filesystem.


Analysis

by VulDB Data Team • 04/29/2025

CVE-2018-16849 affects the std.ssh action of the openstack-mistral orchestration framework. It is an information disclosure flaw caused by inadequate input validation and path handling of the SSH private key filename parameter: because the private_key_filename attribute accepts absolute paths, a malicious actor can probe the executor's filesystem for the existence of arbitrary files.

Exploitation works by supplying an absolute path in the private_key_filename field of the std.ssh action. The executor attempts to validate or access that path without sanitization or access control, and its response differs depending on whether the file exists, so an attacker can determine the presence of specific files on the executor's filesystem one path at a time. A legitimate SSH feature thus becomes a reconnaissance tool for filesystem enumeration.

This flaw directly maps to CWE-22, which describes improper limitation of a pathname to a restricted directory, commonly known as path traversal or directory traversal attacks. The vulnerability allows for unauthorized file system access patterns that bypass normal security controls, enabling attackers to gather intelligence about the target system's file structure. The operational impact extends beyond simple information disclosure, as it provides attackers with critical reconnaissance data that could be leveraged for more sophisticated attacks. The vulnerability affects any system running openstack-mistral where the std.ssh action is utilized, particularly in cloud orchestration environments where multiple users may have access to the orchestration framework.

The security implications of CVE-2018-16849 align with ATT&CK technique T1083, which covers file and directory discovery. Attackers can systematically enumerate files and directories on the executor system, potentially identifying sensitive configuration files, credential stores, or other system artifacts that could be exploited in subsequent phases. This reconnaissance capability undermines the fundamental security assumptions of the orchestration environment, as it allows attackers to map the system landscape without requiring direct access to the underlying operating system. The vulnerability is particularly concerning in multi-tenant cloud environments where isolation between users is critical for maintaining security boundaries.

Mitigation should focus on strict input validation and path sanitization for all file path parameters of the std.ssh action: reject absolute paths for private key filenames and enforce relative paths within predefined safe directories. Access controls should restrict which users can execute the std.ssh action, and logging should be enhanced to flag suspicious file access patterns. The fix should also include proper privilege separation, with the executor process running with the minimum permissions it needs so that an escalation of privileges is not possible, and regular security audits and input validation testing to prevent similar flaws from being introduced in future code changes.
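The following is an added example, not Mistral's own code, illustrating the weak pattern the analysis describes next to the hardened handling the mitigation paragraph calls for. The function names, the key directory and the sample filenames are all constructed for the illustration; the real executor's configuration and Mistral's actual fix may differ. The defensive check rejects anything that is not a bare filename before touching the filesystem, with one constant error message, so a rejected request reveals nothing about other files on the executor.

```python
"""Hardened handling of a user-supplied SSH private key filename.

Added example modelling the pattern behind CVE-2018-16849: an action
parameter names a private key file that is resolved against the
executor's filesystem. Names such as resolve_private_key_path and
KEY_DIR are illustrative, not Mistral's API.
"""
import os
from pathlib import Path

# Constructed directory for the example; a real deployment would use the
# executor's configured key directory.
KEY_DIR = "/var/lib/mistral/.ssh"


class InvalidKeyPath(ValueError):
    """Raised for any filename that is not a bare name inside the key directory."""


def vulnerable_key_path(private_key_filename: str) -> str:
    """The weak pattern: the caller-controlled value is used as a path as-is.

    An absolute path such as '/etc/shadow' is accepted, and whatever the
    executor does next (os.path.exists, open) answers differently depending
    on whether that file exists. That difference is the presence oracle the
    advisory describes.
    """
    return os.path.expanduser(private_key_filename)


def resolve_private_key_path(private_key_filename: str, key_dir: str = KEY_DIR) -> Path:
    """Return the key file's path inside key_dir, or raise InvalidKeyPath.

    Two properties matter for the information-disclosure case:
    1. Every rejection happens before the filesystem is consulted and uses
       one constant message, so the caller learns nothing about other files.
    2. An accepted name can only denote a direct child of key_dir.
    """
    name = private_key_filename
    # A bare filename has no directory component, so basename() must be the
    # identity. That rejects absolute paths, 'a/b', 'a/' and the empty string;
    # '.' and '..' and embedded NULs are refused explicitly.
    if (not name or "\0" in name or name != os.path.basename(name)
            or name in (".", "..")):
        raise InvalidKeyPath("private_key_filename must be a bare file name")
    base = Path(key_dir).resolve()
    candidate = (base / name).resolve()
    # Defence in depth: if an entry inside key_dir is a symlink that points
    # elsewhere, resolve() exposes that and the request is still refused.
    if candidate.parent != base:
        raise InvalidKeyPath("private_key_filename must be a bare file name")
    return candidate


def is_accepted(private_key_filename: str, key_dir: str = KEY_DIR) -> bool:
    """True if the hardened check accepts the name, False otherwise."""
    try:
        resolve_private_key_path(private_key_filename, key_dir)
    except InvalidKeyPath:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample inputs: two legitimate names and several probes.
    samples = ["id_rsa", "deploy_key.pem", "/etc/shadow", "../id_rsa",
               "keys/../../../etc/passwd", "sub/id_rsa", "", ".."]
    for name in samples:
        verdict = "accepted" if is_accepted(name) else "rejected"
        print(f"{name!r:30} weak -> {vulnerable_key_path(name)!r:32} hardened -> {verdict}")
```

Note that the containment test compares `candidate.parent` with the resolved base rather than checking a string prefix, which is the usual way such filters are bypassed (`/var/lib/mistral/.ssh_other/...` would pass a naive `startswith`). Restricting which users may run std.ssh and logging rejected filenames complement the check; a burst of rejections from one tenant is exactly the "suspicious file access pattern" worth alerting on.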

Responsible

Red Hat, Inc.

Reservation

09/11/2018

Disclosure

11/02/2018

Moderation

accepted

CPE

ready

EPSS

0.00182

KEV

no

Activities

very low
