CVE-2019-13313

Опубликовано: 05 июл. 2019

Источник: redhat

CVSS3: 2.8

EPSS Низкий

Описание

libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line.

A flaw was found in libosinfo, version 1.5.0, where the script for automated guest installations, 'osinfo-install-script', accepts user and admin passwords via command line arguments. This could allow guest passwords to leak to other system users via a process listing.

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-214->CWE-200

https://bugzilla.redhat.com/show_bug.cgi?id=1727766Libosinfo: osinfo-install-script option leaks password via command line argument

EPSS

Процентиль: 15%

0.0005

Низкий

2.8 Low

CVSS3

Связанные уязвимости

CVE-2019-13313

CVSS3: 7.8

ubuntu

больше 6 лет назад

libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line.

CVE-2019-13313

CVSS3: 7.8

nvd

больше 6 лет назад

libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line.

CVE-2019-13313

CVSS3: 7.8

debian

больше 6 лет назад

libosinfo 1.5.0 allows local users to discover credentials by listing ...

SUSE-SU-2024:1700-1

suse-cvrf

больше 1 года назад

Security update for libosinfo

SUSE-SU-2019:2273-1

suse-cvrf

больше 6 лет назад

Security update for libosinfo

EPSS

Процентиль: 15%

0.0005

Низкий

2.8 Low

CVSS3