Описание
Red Hat livecd-tools before 13.4.4, 17.x before 17.17, 18.x before 18.16, and 19.x before 19.3, when a rootpw directive is not set in a Kickstart file, sets the root user password to empty, which allows local users to gain privileges.
Ссылки
- Vendor Advisory
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Issue TrackingVendor Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Issue TrackingVendor Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия до 13.4.4 (исключая)Версия от 17.0 (включая) до 17.17 (исключая)Версия от 18.0 (включая) до 18.16 (исключая)Версия от 19.0 (включая) до 19.3 (исключая)
Одно из
cpe:2.3:a:redhat:livecd-tools:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:livecd-tools:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:livecd-tools:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:livecd-tools:*:*:*:*:*:*:*:*
EPSS
Процентиль: 20%
0.00063
Низкий
7.2 High
CVSS2
Дефекты
CWE-264
Связанные уязвимости
redhat
больше 12 лет назад
Red Hat livecd-tools before 13.4.4, 17.x before 17.17, 18.x before 18.16, and 19.x before 19.3, when a rootpw directive is not set in a Kickstart file, sets the root user password to empty, which allows local users to gain privileges.
github
больше 3 лет назад
Red Hat livecd-tools before 13.4.4, 17.x before 17.17, 18.x before 18.16, and 19.x before 19.3, when a rootpw directive is not set in a Kickstart file, sets the root user password to empty, which allows local users to gain privileges.
EPSS
Процентиль: 20%
0.00063
Низкий
7.2 High
CVSS2
Дефекты
CWE-264