ID |
CVE-2012-3538
|
Summary |
Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in a world-readable file, which allows local users to read pulp administrative passwords by reading production.log. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 3.3 (as of 29-08-2017 - 01:31) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-255 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
ADJACENT_NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
NONE |
NONE |
|
cvss-vector
via4
|
AV:A/AC:L/Au:N/C:P/I:N/A:N
|
redhat
via4
|
advisories | | rpms | - candlepin-0:0.7.8.1-1.el6cf
- candlepin-devel-0:0.7.8.1-1.el6cf
- candlepin-selinux-0:0.7.8.1-1.el6cf
- candlepin-tomcat6-0:0.7.8.1-1.el6cf
- gofer-0:0.66.1-2.el5
- gofer-0:0.66.1-2.el6cf
- gofer-package-0:0.66.1-2.el5
- gofer-package-0:0.66.1-2.el6cf
- gofer-watchdog-0:0.66.1-2.el5
- gofer-watchdog-0:0.66.1-2.el6cf
- grinder-0:0.0.150-1.el6cf
- katello-0:1.1.12-22.el6cf
- katello-agent-0:1.1.2-1.el5
- katello-agent-0:1.1.2-1.el6cf
- katello-all-0:1.1.12-22.el6cf
- katello-api-docs-0:1.1.12-22.el6cf
- katello-certs-tools-0:1.1.8-1.el6cf
- katello-cli-0:1.1.8-12.el6cf
- katello-cli-common-0:1.1.8-12.el6cf
- katello-cli-tests-0:1.1.5-2.el6cf
- katello-common-0:1.1.12-22.el6cf
- katello-configure-0:1.1.9-12.el6cf
- katello-glue-candlepin-0:1.1.12-22.el6cf
- katello-glue-pulp-0:1.1.12-22.el6cf
- katello-selinux-0:1.1.1-2.el6cf
- pulp-0:1.1.14-1.el6cf
- pulp-admin-0:1.1.14-1.el6cf
- pulp-client-lib-0:1.1.14-1.el6cf
- pulp-common-0:1.1.14-1.el6cf
- pulp-consumer-0:1.1.14-1.el6cf
- pulp-selinux-server-0:1.1.14-1.el6cf
- python-gofer-0:0.66.1-2.el5
- python-gofer-0:0.66.1-2.el6cf
- quartz-0:2.1.5-4.el6cf
- rubygem-apipie-rails-0:0.0.11-3.el6cf
|
|
refmap
via4
|
bid | 56819 | osvdb | 88139 | secunia | 51472 | xf | cloudforms-pulp-info-disc(80547) |
|
Last major update |
29-08-2017 - 01:31 |
Published |
04-01-2013 - 22:55 |
Last modified |
29-08-2017 - 01:31 |