CVE-2011-4083

CWE-310 | 5 documents | 5 sources
Severity: 4.3 MEDIUM
EPSS: 0.2% (top 57.40%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Feb 17
Latest update: May 17

Description

The sosreport utility in the Red Hat sos package before 1.7-9 and 2.x before 2.2-17 includes (1) Certificate-based Red Hat Network private entitlement keys and the (2) private key for the entitlement in an archive of debugging information, which might allow remote attackers to obtain sensitive information by reading the archive.

CVSS vector

AV:N/AC:M/C:P/I:N/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (1 package)

NVD: redhat/sos 1.7-6 +13

🔴 Vulnerability Details (2)

GHSA | 2022-05-17
GHSA-27j9-864c-crj8: The sosreport utility in the Red Hat sos package before 1
CVEList | 2014-02-17
CVE-2011-4083: The sosreport utility in the Red Hat sos package before 1

📋 Vendor Advisories (1)

Red Hat | 2011-12-06
sos: sosreport is gathering certificate-based RHN entitlement private keys

💬 Community (1)

Bugzilla | 2011-10-26
CVE-2011-4083 sos: sosreport is gathering certificate-based RHN entitlement private keys