Описание
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.
A flaw was found in fwupd. When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | fwupd | Not affected | ||
| Red Hat Enterprise Linux 8 | fwupd | Fixed | RHSA-2023:7189 | 14.11.2023 |
| Red Hat Enterprise Linux 8.6 Extended Update Support | fwupd | Fixed | RHSA-2024:1106 | 05.03.2024 |
| Red Hat Enterprise Linux 8.8 Extended Update Support | fwupd | Fixed | RHSA-2024:1403 | 19.03.2024 |
| Red Hat Enterprise Linux 9 | fwupd | Fixed | RHSA-2023:2487 | 09.05.2023 |
| Red Hat Enterprise Linux 9 | fwupd | Fixed | RHSA-2023:2487 | 09.05.2023 |
Показывать по
Дополнительная информация
Статус:
5.5 Medium
CVSS3
Связанные уязвимости
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.
When creating an OPERATOR user account on the BMC, the redfish plugin ...
5.5 Medium
CVSS3