CVE-2014-0200

CWE-264CWE-732 โ€” Incorrect Permission Assignment5 documents5 sources
Severity
2.1LOW
EPSS
0.0%
top 87.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Rhevm-reports
Timeline
PublishedMay 29
Latest updateMay 17

Description

The Red Hat Enterprise Virtualization Manager reports (rhevm-reports) package before 3.3.3-1 uses world-readable permissions on the datasource configuration file (js-jboss7-ds.xml), which allows local users to obtain sensitive information by reading the file.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

โ–ถNVDredhat/rhevm-reports3.3.3+4

๐Ÿ”ดVulnerability Details

2
GHSA
GHSA-9q7g-42xw-69h2: The Red Hat Enterprise Virtualization Manager reports (rhevm-reports) package before 3โ†—2022-05-17
โ–ถ
CVEList
CVE-2014-0200: The Red Hat Enterprise Virtualization Manager reports (rhevm-reports) package before 3โ†—2014-05-29
โ–ถ

๐Ÿ“‹Vendor Advisories

1
Red Hat
ovirt-engine-reports: js-jboss7-ds.xml is world-readableโ†—2014-05-27
โ–ถ

๐Ÿ’ฌCommunity

1
Bugzilla
CVE-2014-0200 ovirt-engine-reports: js-jboss7-ds.xml is world-readableโ†—2014-05-05
โ–ถ