| ID |
CVE-2012-4574
|
| Summary |
Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions for pulp.conf, which allows local users to read the administrative password by reading this file. |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 2.1 (as of 29-08-2017 - 01:32) |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-255 |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| LOCAL |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
NONE |
NONE |
|
| cvss-vector
via4
|
AV:L/AC:L/Au:N/C:P/I:N/A:N
|
| redhat
via4
|
| advisories | | | rpms | - candlepin-0:0.7.8.1-1.el6cf
- candlepin-devel-0:0.7.8.1-1.el6cf
- candlepin-selinux-0:0.7.8.1-1.el6cf
- candlepin-tomcat6-0:0.7.8.1-1.el6cf
- gofer-0:0.66.1-2.el5
- gofer-0:0.66.1-2.el6cf
- gofer-package-0:0.66.1-2.el5
- gofer-package-0:0.66.1-2.el6cf
- gofer-watchdog-0:0.66.1-2.el5
- gofer-watchdog-0:0.66.1-2.el6cf
- grinder-0:0.0.150-1.el6cf
- katello-0:1.1.12-22.el6cf
- katello-agent-0:1.1.2-1.el5
- katello-agent-0:1.1.2-1.el6cf
- katello-all-0:1.1.12-22.el6cf
- katello-api-docs-0:1.1.12-22.el6cf
- katello-certs-tools-0:1.1.8-1.el6cf
- katello-cli-0:1.1.8-12.el6cf
- katello-cli-common-0:1.1.8-12.el6cf
- katello-cli-tests-0:1.1.5-2.el6cf
- katello-common-0:1.1.12-22.el6cf
- katello-configure-0:1.1.9-12.el6cf
- katello-glue-candlepin-0:1.1.12-22.el6cf
- katello-glue-pulp-0:1.1.12-22.el6cf
- katello-selinux-0:1.1.1-2.el6cf
- pulp-0:1.1.14-1.el6cf
- pulp-admin-0:1.1.14-1.el6cf
- pulp-client-lib-0:1.1.14-1.el6cf
- pulp-common-0:1.1.14-1.el6cf
- pulp-consumer-0:1.1.14-1.el6cf
- pulp-selinux-server-0:1.1.14-1.el6cf
- python-gofer-0:0.66.1-2.el5
- python-gofer-0:0.66.1-2.el6cf
- quartz-0:2.1.5-4.el6cf
- rubygem-apipie-rails-0:0.0.11-3.el6cf
|
|
| refmap
via4
|
|
| Last major update |
29-08-2017 - 01:32 |
| Published |
04-01-2013 - 22:55 |
| Last modified |
29-08-2017 - 01:32 |
