Описание
The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when calling sosreport, which allows local users to obtain sensitive information by listing the processes.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:redhat:enterprise_virtualization:3.4:*:*:*:*:*:*:*
EPSS
Процентиль: 19%
0.00061
Низкий
2.1 Low
CVSS2
Дефекты
CWE-200
Связанные уязвимости
redhat
больше 10 лет назад
The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when calling sosreport, which allows local users to obtain sensitive information by listing the processes.
github
около 3 лет назад
The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when calling sosreport, which allows local users to obtain sensitive information by listing the processes.
EPSS
Процентиль: 19%
0.00061
Низкий
2.1 Low
CVSS2
Дефекты
CWE-200