Описание
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | code not present |
| devel | not-affected | 1.8.6-2 |
| esm-infra/bionic | not-affected | code not present |
| esm-infra/focal | needed | |
| esm-infra/xenial | not-affected | code not present |
| focal | ignored | end of standard support, was needed |
| jammy | needed | |
| kinetic | ignored | end of life, was needed |
| lunar | not-affected | 1.8.6-2 |
| mantic | not-affected | 1.8.6-2 |
Показывать по
6.5 Medium
CVSS3
Связанные уязвимости
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.
When creating an OPERATOR user account on the BMC, the redfish plugin ...
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.
6.5 Medium
CVSS3