Description
It was discovered that a world-readable log file belonging to the Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database. A malicious user with local access to a Satellite host can use those credentials to modify the database and prevent Satellite from fetching package updates, thus preventing all Satellite hosts from accessing those updates.
References
- Third Party Advisory
- Exploit, Issue Tracking, Mitigation, Vendor Advisory
- Third Party Advisory
- Exploit, Issue Tracking, Mitigation, Vendor Advisory
Vulnerable configurations
EPSS
CVSS3: 5.5 Medium
CVSS3: 7.8 High
CVSS2: 2.1 Low
Defects
Related vulnerabilities