
exploitDog


CVE-2023-4886

Published: 03 Oct 2023
Source: redhat
CVSS3: 6.7

Description

A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable.

Report

This flaw has a limited impact on security, as candlepin's individual stores' privileges are limited to root and tomcat only. Therefore, the impact is limited to highly privileged users.

Additional information

Status: Moderate
Defect: CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=2230135 (foreman: World readable file containing secrets)

6.7 Medium

CVSS3

Related vulnerabilities

CVSS3: 6.7
nvd
more than 2 years ago

A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable.

CVSS3: 6.7
debian
more than 2 years ago

A sensitive information exposure vulnerability was found in foreman. C ...

CVSS3: 6.7
github
more than 2 years ago

A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable.
