CVE-2010-2241

CWE-2645 documents5 sources
Severity
2.1LOW
EPSS
0.0%
top 85.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Directory Server
Timeline
PublishedAug 17
Latest updateMay 14

Description

The (1) setup-ds.pl and (2) setup-ds-admin.pl setup scripts for Red Hat Directory Server 8 before 8.2 use world-readable permissions when creating cache files, which allows local users to obtain sensitive information including passwords for Directory and Administration Server administrative accounts.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

NVDredhat/directory_server8.0, 8.1+1

🔴Vulnerability Details

2
GHSA
GHSA-g8wm-c6h5-35rm: The (1) setup-ds2022-05-14
CVEList
CVE-2010-2241: The (1) setup-ds2010-08-17

📋Vendor Advisories

1
Red Hat
redhat-ds: setup script insecure .inf file permissions2010-05-18

💬Community

1
Bugzilla
CVE-2010-2241 redhat-ds: setup script insecure .inf file permissions2010-06-25
CVE-2010-2241 (LOW CVSS 2.1) | The (1) setup-ds.pl and (2) setup-d | cvebase.io