CVE-2019-13313: libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line.

high7.8CVSS 3.1

AVLACLPRLUINSUCHIHAH

libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line.

Affected

19 ranges

Vendor	Product	Version range	Fixed in
debian	libosinfo	< libosinfo 1.6.0-1 (bookworm)	libosinfo 1.6.0-1 (bookworm)
fedoraproject	fedora	—	—
fedoraproject	fedora	—	—
libosinfo	libosinfo	—	—
libosinfo	libosinfo	>= 0 < 1.6.0-1	1.6.0-1
libosinfo	libosinfo	>= 0 < 1.6.0-1	1.6.0-1
libosinfo	libosinfo	>= 0 < 1.6.0-1	1.6.0-1
libosinfo	libosinfo	>= 0 < 1.6.0-1	1.6.0-1
redhat	enterprise_linux	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_tus	—	—
redhat	enterprise_linux_server_tus	—	—
redhat	enterprise_linux_server_tus	—	—

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

osv7.8HIGH