CVE-2012-3538 — Redhat Cloudforms vulnerability

CWE-2555 documents5 sources

Severity

3.3LOWNVD

EPSS

0.2%

top 58.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Cloudforms

Timeline

PublishedJan 4

Latest updateMay 17

Description

Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in a world-readable file, which allows local users to read pulp administrative passwords by reading production.log.

CVSS vector

AV:A/AC:L/C:P/I:N/A:NExploitability: 6.5 | Impact: 2.9

Affected Packages1 packages

▶NVDredhat/cloudforms1.0

🔴Vulnerability Details

GHSA

GHSA-c3vm-p8x5-j8qp: Pulp in Red Hat CloudForms before 1↗2022-05-17

▶

CVEList

CVE-2012-3538: Pulp in Red Hat CloudForms before 1↗2013-01-04

▶

📋Vendor Advisories

Red Hat

katello: pulp admin password logged in plaintext in world-readable katello/production.log↗2012-12-04

▶

💬Community

Bugzilla

CVE-2012-3538 katello: pulp admin password logged in plaintext in world-readable katello/production.log↗2012-08-27

▶