CVE-2014-0164Incorrect Permission Assignment in Redhat Openshift

CWE-310CWE-732Incorrect Permission Assignment7 documents7 sources
Severity
2.1LOWNVD
EPSS
0.0%
top 89.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Puppet McollectiveRedhat Openshift
Timeline
PublishedMay 5
Latest updateMay 17

Description

openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by reading the file.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

NVDredhat/openshift1.2.7, 2.0.5+1
Debianpuppet/mcollective< 1.2.1+dfsg-2+1

🔴Vulnerability Details

3
GHSA
GHSA-qrc5-rp7w-h34q: openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 12022-05-17
CVEList
CVE-2014-0164: openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 12014-05-05
OSV
CVE-2014-0164: openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 12014-05-05

📋Vendor Advisories

2
Red Hat
mcollective: world readable client config2014-05-01
Debian
CVE-2014-0164: mcollective - openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and ...2014

💬Community

1
Bugzilla
CVE-2014-0164 mcollective: world readable client config2014-04-03
CVE-2014-0164 — Incorrect Permission Assignment | cvebase