CVE-2019-13313

Опубликовано: 05 июл. 2019

Источник: nvd

CVSS3: 7.8

CVSS2: 2.1

EPSS Низкий

Описание

libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line.

Ссылки

http://www.openwall.com/lists/oss-security/2019/07/08/3
Mailing List
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3387
Third Party Advisory
https://gitlab.com/libosinfo/libosinfo/-/tags
Release Notes
Third Party Advisory
https://gitlab.com/libosinfo/libosinfo/blob/master/NEWS
Release Notes
Third Party Advisory
https://libosinfo.org/download/
Release Notes
Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AZU4IPPIR73NYC6E733QR26O5ZI6MMKJ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEZUZKC6YK4E3NXM7XKZOXY5X5PJSPIR/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4AD73NGYBV7GYT4LFC3TC7AYBWOJTG4/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT44EYZZQFTK7XM6GKCYC4WUE7HYZVXM/
https://www.redhat.com/archives/libosinfo/2019-July/msg00026.html
Mailing List
Patch
Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/07/08/3
Mailing List
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3387
Third Party Advisory
https://gitlab.com/libosinfo/libosinfo/-/tags
Release Notes
Third Party Advisory
https://gitlab.com/libosinfo/libosinfo/blob/master/NEWS
Release Notes
Third Party Advisory
https://libosinfo.org/download/
Release Notes
Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AZU4IPPIR73NYC6E733QR26O5ZI6MMKJ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEZUZKC6YK4E3NXM7XKZOXY5X5PJSPIR/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4AD73NGYBV7GYT4LFC3TC7AYBWOJTG4/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT44EYZZQFTK7XM6GKCYC4WUE7HYZVXM/
https://www.redhat.com/archives/libosinfo/2019-July/msg00026.html
Mailing List
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:libosinfo:libosinfo:1.5.0:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*

EPSS

Процентиль: 15%

0.0005

Низкий

7.8 High

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2019-13313

CVSS3: 7.8

ubuntu

больше 6 лет назад

libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line.

CVE-2019-13313

CVSS3: 2.8

redhat

больше 6 лет назад

libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line.

CVE-2019-13313

CVSS3: 7.8

debian

больше 6 лет назад

libosinfo 1.5.0 allows local users to discover credentials by listing ...

SUSE-SU-2024:1700-1

suse-cvrf

больше 1 года назад

Security update for libosinfo

SUSE-SU-2019:2273-1

suse-cvrf

больше 6 лет назад

Security update for libosinfo

EPSS

Процентиль: 15%

0.0005

Низкий

7.8 High

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-200