CVE-2025-32803

Published: May 28, 2025
Source: redhat
CVSS3: 3.3
EPSS: Low

Description

In some cases, Kea log files or lease files may be world-readable. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8.

A vulnerability was found in the Kea package, where an attacker with access to a local unprivileged user may be able to read the logs and DHCP lease information. This can be used to retrieve sensitive information about the DHCP clients and about the Kea process itself.

Report

The Red Hat Product Security team has rated this vulnerability as Moderate severity. An attacker needs a local account with read privileges on the location where Kea's logs are written. Although information regarding DHCP clients and the Kea process can be retrieved, initially no sensitive information is leaked through the logs, leading to a low impact on the Confidentiality aspect.

Mitigation

This issue can be mitigated by ensuring that the directories which contain the log files and lease information can only be accessed by trusted or privileged users.
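
One way to check for and apply this mitigation, as an added example that is not part of the Red Hat advisory or of Kea itself. The function names are hypothetical and the directories are supplied by the caller, since the advisory names no paths; removing all "other" permissions with `chmod` is one possible implementation of the restriction.

```shell
#!/bin/sh
# Added example: audit Kea log and lease directories for access by "other".
# The directories are passed as arguments (the advisory names no paths).

# Print every file or directory under the given paths whose mode grants
# read, write or execute/search permission to "other".
kea_world_accessible() {
    for dir in "$@"; do
        [ -e "$dir" ] || continue    # skip paths absent on this host
        find "$dir" \( -type f -o -type d \) \
            \( -perm -004 -o -perm -002 -o -perm -001 \) -print
    done
}

# Exit status 0 when nothing is exposed, 1 otherwise (findings on stderr),
# so the check can run from cron or a configuration-management job.
kea_audit() {
    found=$(kea_world_accessible "$@")
    [ -z "$found" ] && return 0
    printf 'accessible to all local users:\n%s\n' "$found" >&2
    return 1
}

# Remove all "other" permissions recursively; owner and group are unchanged.
kea_restrict() {
    for dir in "$@"; do
        [ -e "$dir" ] || continue
        chmod -R o-rwx "$dir"
    done
}

# Usage (hypothetical paths, adjust to the local Kea configuration):
#   kea_audit /var/log/kea /var/lib/kea || kea_restrict /var/log/kea /var/lib/kea
```

`kea_restrict` only changes files that already exist; files created later take their mode from the creating process, so the audit is worth rerunning after log rotation.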

Additional information

Status: Moderate
Defect: CWE-538
https://bugzilla.redhat.com/show_bug.cgi?id=2367496 kea: Insecure file permissions can result in confidential information leakage

EPSS

Percentile: 1%
0.00009
Low

3.3 Low

CVSS3

Related vulnerabilities

CVSS3: 4
ubuntu
5 months ago

In some cases, Kea log files or lease files may be world-readable. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8.

CVSS3: 4
nvd
5 months ago

In some cases, Kea log files or lease files may be world-readable. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8.

CVSS3: 4
debian
5 months ago

In some cases, Kea log files or lease files may be world-readable. Thi ...

CVSS3: 4
github
5 months ago

In some cases, Kea log files or lease files may be world-readable. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8.

CVSS3: 4
fstec
5 months ago

A vulnerability in the open-source DHCP server Kea, related to incorrectly used default permissions, that allows an attacker to disclose protected information
