CVE-2012-5476Sensitive Information Exposure in Openstack-dashboard

CWE-200Sensitive Information Exposure6 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 64.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Openstack-dashboardDebian LinuxOpenstack Horizon
Timeline
PublishedDec 30
Latest updateApr 23

Description

Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5openstack-dashboard/openstack-dashboardRHOS Essex Preview (2012.2)
NVDopenstack/horizon2012.2

Also affects: Debian Linux 10.0, 8.0, 9.0

🔴Vulnerability Details

2
GHSA
GHSA-w8fv-pp3m-2hqx: Within the RHOS Essex Preview (20122022-04-23
CVEList
CVE-2012-5476: Within the RHOS Essex Preview (20122019-12-30

📋Vendor Advisories

1
Debian
CVE-2012-5476: horizon - Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the f...2012

💬Community

2
Bugzilla
CVE-2012-5476 OpenStack: Quantum /etc/quantum/quantum.conf secret password and token exposure [epel-6]2012-11-13
Bugzilla
CVE-2012-5476 OpenStack: Quantum /etc/quantum/quantum.conf secret password and token exposure2012-11-06
CVE-2012-5476 — Sensitive Information Exposure | cvebase