Описание
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| fwupd | fixed | 1.8.5-1 | package | |
| fwupd | not-affected | bullseye | package | |
| fwupd | not-affected | buster | package |
Примечания
Introduced by: https://github.com/fwupd/fwupd/commit/1210aa4ae7a8bddfe4d0071736c1285f17136faa (1.7.0)
Fixed by: https://github.com/fwupd/fwupd/commit/ea676855f2119e36d433fbd2ed604039f53b2091 (1.8.5)
Связанные уязвимости
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.