CVE-2020-14391

Опубликовано: 08 фев. 2021

Источник: nvd

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Customer Portal password. The highest threat from this vulnerability is to confidentiality.

Ссылки

https://bugzilla.redhat.com/show_bug.cgi?id=1873093
Issue Tracking
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1873093
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:gnome:control_center:-:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_aus:8.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_tus:8.2:*:*:*:*:*:*:*

EPSS

Процентиль: 15%

0.0005

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-522

Связанные уязвимости

CVE-2020-14391

CVSS3: 5

redhat

почти 5 лет назад

CVE-2020-14391

CVSS3: 5.5

debian

больше 4 лет назад

A flaw was found in the GNOME Control Center in Red Hat Enterprise Lin ...

GHSA-95g9-pcvg-9462

CVSS3: 5.5

github

около 3 лет назад

ELSA-2020-4451

oracle-oval

больше 4 лет назад

ELSA-2020-4451: GNOME security, bug fix, and enhancement update (MODERATE)

RLSA-2020:4451

rocky

больше 4 лет назад

Moderate: GNOME security, bug fix, and enhancement update

EPSS

Процентиль: 15%

0.0005

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-522