Lucene search

[email protected]CVE-2012-6117

HistoryMar 12, 2013 - 10:55 p.m.

CVE-2012-6117

2013-03-1222:55:00

CWE-264

[email protected]

web.nvd.nist.gov

aeolus

configuration server

red hat

cloudforms

cloud engine

cve-2012-6117

nvd

plaintext passwords

log file vulnerability

6.4 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to read plaintext passwords by reading the log file.

CPENameOperatorVersion
redhat:cloudforms_cloud_engineredhat cloudforms cloud enginele1.1
redhat:cloudforms_cloud_engineredhat cloudforms cloud engineeq1.0

CPE	Name	Operator	Version
redhat:cloudforms_cloud_engine	redhat cloudforms cloud engine	le	1.1
redhat:cloudforms_cloud_engine	redhat cloudforms cloud engine	eq	1.0

References

rhn.redhat.com/errata/RHSA-2013-0545.html

bugzilla.redhat.com/show_bug.cgi?id=875294

6.4 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2012-6117

prion1 cvelist1 veracode1