CVE-2023-4886

Опубликовано: 03 окт. 2023

Источник: nvd

CVSS3: 6.7

CVSS3: 4.4

EPSS Низкий

Описание

A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable.

Ссылки

https://access.redhat.com/errata/RHSA-2023:7851
https://access.redhat.com/errata/RHSA-2024:1061
https://access.redhat.com/security/cve/CVE-2023-4886
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2230135
Issue Tracking
Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:7851
https://access.redhat.com/errata/RHSA-2024:1061
https://access.redhat.com/security/cve/CVE-2023-4886
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2230135
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*

Версия до 3.8.0 (исключая)

Конфигурация 2

cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*

EPSS

Процентиль: 25%

0.00088

Низкий

6.7 Medium

CVSS3

4.4 Medium

CVSS3

Дефекты

CWE-200

NVD-CWE-noinfo

Связанные уязвимости

CVE-2023-4886

CVSS3: 6.7

redhat

больше 2 лет назад

CVE-2023-4886

CVSS3: 6.7

debian

больше 2 лет назад

A sensitive information exposure vulnerability was found in foreman. C ...

GHSA-r2mj-49jv-4jq7

CVSS3: 6.7

github

больше 2 лет назад

EPSS

Процентиль: 25%

0.00088

Низкий

6.7 Medium

CVSS3

4.4 Medium

CVSS3

Дефекты

CWE-200

NVD-CWE-noinfo