ID CVE-2019-3891
Summary It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database. A malicious user with local access to a Satellite host can use those credentials to modify the database and prevent Satellite from fetching package updates, thus preventing all Satellite hosts from accessing those updates.
References
Vulnerable Configurations
  • Red Hat Satellite 6.4
    cpe:2.3:a:redhat:satellite:6.4
CVSS
Base: 2.1
Impact:
Exploitability:
CWE CWE-255
CAPEC
refmap via4
confirm https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3891
Last major update 15-04-2019 - 08:31
Published 15-04-2019 - 08:31
Last modified 15-04-2019 - 14:00
Back to Top