CVE-2014-0201

CWE-264CWE-732Incorrect Permission AssignmentCWE-200Information Exposure5 documents5 sources
Severity
2.1LOW
EPSS
0.0%
top 87.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Rhevm-reports
Timeline
PublishedMay 29
Latest updateMay 17

Description

ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports package (rhevm-reports) before 3.3.3, uses world-readable permissions on configuration files, which allows local users to obtain sensitive information by reading the files.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-364g-h6q4-24hp: ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports package (rhevm-reports) before 32022-05-17
CVEList
CVE-2014-0201: ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports package (rhevm-reports) before 32014-05-29

📋Vendor Advisories

1
Red Hat
ovirt-engine-reports: various configuration files are world-readable2014-05-27

💬Community

1
Bugzilla
CVE-2014-0201 ovirt-engine-reports: various configuration files are world-readable2014-05-05
CVE-2014-0201 (LOW CVSS 2.1) | ovirt-engine-reports | cvebase.io