CVE-2012-5658

CWE-3105 documents5 sources

Severity

2.1LOW

EPSS

0.1%

top 80.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Openshift Redhat Openshift Origin

Timeline

PublishedFeb 24

Latest updateMay 17

Description

rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain sensitive information, as demonstrated by including log files or Bugzilla reports in support channels.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

▶NVDredhat/openshift_origin1.0.5

▶NVDredhat/openshift1.0

🔴Vulnerability Details

GHSA

GHSA-4prw-24cm-ghmj: rhc-chk↗2022-05-17

▶

CVEList

CVE-2012-5658: rhc-chk↗2013-02-24

▶

📋Vendor Advisories

Red Hat

Origin: rhc-chk.rb password exposure in log files↗2012-12-17

▶

💬Community

Bugzilla

CVE-2012-5658 OpenShift Origin: rhc-chk.rb password exposure in log files↗2012-12-20

▶