
CVE-2020-14391

Published: 08 Sep 2020
Source: redhat
CVSS3: 5
EPSS: Low

Description

A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Customer Portal password. The highest threat from this vulnerability is to confidentiality.

A flaw was found in the GNOME Control Center, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Customer Portal password. The highest threat from this vulnerability is to confidentiality.

Statement

This issue did not affect the versions of gnome-settings-daemon as shipped with Red Hat Enterprise Linux 6 and 7, as they did not include the subscription-manager plugin.

Mitigation

Use subscription-manager directly from the terminal and do not use the --password flag.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 6 | gnome-settings-daemon | Not affected | | |
| Red Hat Enterprise Linux 7 | gnome-settings-daemon | Not affected | | |
| Red Hat Enterprise Linux 8 | gnome-settings-daemon | Fixed | RHSA-2020:4451 | 04.11.2020 |
| Red Hat Enterprise Linux 8.2 Extended Update Support | gnome-settings-daemon | Fixed | RHSA-2021:0266 | 26.01.2021 |


Additional information

Status: Moderate
Defect: CWE-522
https://bugzilla.redhat.com/show_bug.cgi?id=1873093
gnome-settings-daemon: Red Hat Customer Portal password logged and passed as command line argument when user registers through GNOME control center

EPSS: 0.0005 (percentile: 15%), Low
CVSS3: 5 Medium

Related vulnerabilities

CVSS3: 5.5
nvd
more than 4 years ago

A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Customer Portal password. The highest threat from this vulnerability is to confidentiality.

CVSS3: 5.5
debian
more than 4 years ago

A flaw was found in the GNOME Control Center in Red Hat Enterprise Lin ...

CVSS3: 5.5
github
about 3 years ago

A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Customer Portal password. The highest threat from this vulnerability is to confidentiality.

oracle-oval
more than 4 years ago

ELSA-2020-4451: GNOME security, bug fix, and enhancement update (MODERATE)

rocky
more than 4 years ago

Moderate: GNOME security, bug fix, and enhancement update
