CVE-2012-0059

CWE-209 | CWE-310 | 7 documents | 5 sources
Severity
4.9 MEDIUM
EPSS
0.4%
top 41.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Feb 5
Latest update: May 4

Description

A flaw was found in Spacewalk-backend. This information disclosure vulnerability occurs when a system registration XML-RPC call fails, causing cleartext user passwords to be included in error messages. Remote administrators can exploit this by reading server logs and emails, leading to the unauthorized disclosure of user passwords.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.2 | Impact: 3.6

Affected Packages: 2 packages

🔴Vulnerability Details

2
GHSA
GHSA-gqj9-6pwj-7952: Spacewalk-backend in Red Hat Network (RHN) Satellite and Proxy 5 | 2022-05-04
CVEList
Spacewalk-backend: spacewalk-backend: information disclosure via cleartext passwords in error messages | 2014-02-05

📋Vendor Advisories

1
Red Hat
CVE-2012-0059: A flaw was found in Spacewalk-backend | 2014-02-05

💬Community

2
Bugzilla
CVE-2012-5471 moodle: Various security issues fixed in upstream 2.3.3, 2.2.6 and 2.1.9 versions (MSA-12-0057, MSA-12-0058, MSA-12-0059, MSA-12-0060, MSA-12-0061, MSA-12-0062, MSA-12-0063) [fedora-all] | 2012-11-19
Bugzilla
CVE-2012-0059 Satellite, Spacewalk: RHN user password disclosure upon failed system registration | 2012-01-18