CVE-2012-4574: Insertion of Sensitive Information into Externally-Accessible File or Directory in Red Hat CloudForms

Severity
2.1 LOW (NVD)
EPSS
0.1%
top 75.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 4
Latest update: May 17

Description

Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions for pulp.conf, which allows local users to read the administrative password by reading this file.

CVSS vector

AV:L/AC:L/C:P/I:N/A:N
Exploitability: 3.9 | Impact: 2.9

Affected Packages: 1 package

🔴 Vulnerability Details (2)

GHSA
GHSA-4vm3-7378-9hc4: Pulp in Red Hat CloudForms before 1 (2022-05-17)
CVEList
CVE-2012-4574: Pulp in Red Hat CloudForms before 1 (2013-01-04)

📋 Vendor Advisories (1)

Red Hat
CVE-2012-4574: Pulp in Red Hat CloudForms before 1 (2013-01-04)

💬 Community (1)

Bugzilla
CVE-2012-4574 pulp /etc/pulp/pulp.conf world readable, contains default admin password (2012-11-02)