Lucene search

[email protected]CVE-2014-0135

HistoryMay 08, 2014 - 2:29 p.m.

CVE-2014-0135

2014-05-0814:29:13

CWE-264

[email protected]

web.nvd.nist.gov

cve-2014-0135

kafo

foreman

sensitive information disclosure

local exploit

nvd

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Kafo before 0.3.17 and 0.4.x before 0.5.2, as used by Foreman, uses world-readable permissions for default_values.yaml, which allows local users to obtain passwords and other sensitive information by reading the file.

Affected configurations

NVD

Node

theforemankafoRange≤0.3.16

theforemankafoMatch0.0.1

theforemankafoMatch0.0.2

theforemankafoMatch0.0.3

theforemankafoMatch0.0.4

theforemankafoMatch0.0.5

theforemankafoMatch0.0.6

theforemankafoMatch0.0.7

theforemankafoMatch0.0.8

theforemankafoMatch0.0.9

theforemankafoMatch0.0.10

theforemankafoMatch0.0.11

theforemankafoMatch0.0.12

theforemankafoMatch0.0.13

theforemankafoMatch0.0.14

theforemankafoMatch0.0.15

theforemankafoMatch0.0.16

theforemankafoMatch0.0.17

theforemankafoMatch0.1.0

theforemankafoMatch0.2.0

theforemankafoMatch0.2.1

theforemankafoMatch0.2.2

theforemankafoMatch0.3.0

theforemankafoMatch0.3.1

theforemankafoMatch0.3.2

theforemankafoMatch0.3.3

theforemankafoMatch0.3.4

theforemankafoMatch0.3.5

theforemankafoMatch0.3.6

theforemankafoMatch0.3.7

theforemankafoMatch0.3.8

theforemankafoMatch0.3.9

theforemankafoMatch0.3.10

theforemankafoMatch0.3.11

theforemankafoMatch0.3.12

theforemankafoMatch0.3.13

theforemankafoMatch0.3.14

theforemankafoMatch0.3.15

theforemankafoMatch0.4.0

theforemankafoMatch0.5.0

theforemankafoMatch0.5.1

CPENameOperatorVersion
theforeman:kafotheforeman kafole0.3.16
theforeman:kafotheforeman kafoeq0.0.1
theforeman:kafotheforeman kafoeq0.0.2
theforeman:kafotheforeman kafoeq0.0.3
theforeman:kafotheforeman kafoeq0.0.4
theforeman:kafotheforeman kafoeq0.0.5
theforeman:kafotheforeman kafoeq0.0.6
theforeman:kafotheforeman kafoeq0.0.7
theforeman:kafotheforeman kafoeq0.0.8
theforeman:kafotheforeman kafoeq0.0.9

CPE	Name	Operator	Version
theforeman:kafo	theforeman kafo	le	0.3.16
theforeman:kafo	theforeman kafo	eq	0.0.1
theforeman:kafo	theforeman kafo	eq	0.0.2
theforeman:kafo	theforeman kafo	eq	0.0.3
theforeman:kafo	theforeman kafo	eq	0.0.4
theforeman:kafo	theforeman kafo	eq	0.0.5
theforeman:kafo	theforeman kafo	eq	0.0.6
theforeman:kafo	theforeman kafo	eq	0.0.7
theforeman:kafo	theforeman kafo	eq	0.0.8
theforeman:kafo	theforeman kafo	eq	0.0.9