CVE-2023-4886
Published: 2023-10-03
Priority: P4 · 17 · CVSS 3.1: 4.4 (medium)
Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.27% (19.0th percentile)
A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redhat | satellite | — | — |
| theforeman | foreman | < 3.8.0 | 3.8.0 |
CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
| vendor_redhat | — | 6.7 | MEDIUM | — |
Red Hat
foreman: World readable file containing secrets
Source: vendor_redhat · 2023-10-03 · CVSS 6.7
CVE-2023-4886 [MEDIUM] CWE-200
A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable.
Statement: This flaw has a limited impact on security, as candlepin's individual stores' privileges are limited to root and tomcat only. Therefore, the impact is limited to highly privileged users.
GHSA
GHSA-r2mj-49jv-4jq7: A sensitive information exposure vulnerability was found in foreman
Source: ghsa_unreviewed · 2023-10-03
CVE-2023-4886 [MEDIUM] CWE-200
A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
https://access.redhat.com/errata/RHSA-2023:7851
https://access.redhat.com/errata/RHSA-2024:1061
https://access.redhat.com/security/cve/CVE-2023-4886
https://bugzilla.redhat.com/show_bug.cgi?id=2230135

Published: 2023-10-03