Описание
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| fwupd | fixed | 1.8.5-1 | package | |
| fwupd | not-affected | bullseye | package | |
| fwupd | not-affected | buster | package |
Примечания
Introduced by: https://github.com/fwupd/fwupd/commit/1210aa4ae7a8bddfe4d0071736c1285f17136faa (1.7.0)
Fixed by: https://github.com/fwupd/fwupd/commit/ea676855f2119e36d433fbd2ed604039f53b2091 (1.8.5)
EPSS
Связанные уязвимости
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.
EPSS