Lucene search
GitHub Advisory DatabaseGHSA-HXVP-655X-XXQVHistoryMay 17, 2022 - 4:44 a.m.
Kafo allows local users to obtain passwords and other sensitive information by reading default_values.yaml
2022-05-1704:44:31
GitHub Advisory Database
github.com
16
kafo
local users
default_values.yaml
sensitive information
world-readable permissions
foreman
CVSS2
1.9
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
EPSS
0
Percentile
5.1%
Kafo before 0.3.17 and 0.4.x before 0.5.2, as used by Foreman, uses world-readable permissions for default_values.yaml, which allows local users to obtain passwords and other sensitive information by reading the file.
Affected configurations
Node
theforemankafoRange0.4.0–0.5.2
ORtheforemankafoRange<0.3.17
| Vendor | Product | Version | CPE |
|---|---|---|---|
| theforeman | kafo | * | cpe:2.3:a:theforeman:kafo:*:*:*:*:*:*:*:* |
Related
osv
osv
rubygems
rubygems
cve
cve
CVE-2014-0135
2014-05-08 14:29:13
cvelist
cvelist
CVE-2014-0135
2014-05-08 14:00:00
prion
prion
Design/Logic Flaw
2014-05-08 14:29:00
nvd
nvd
CVE-2014-0135
2014-05-08 14:29:13
nessus
nessus
RHEL 6 : rubygem-kafo (Unpatched Vulnerability)
2024-06-03 00:00:00
CVSS2
1.9
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
EPSS
0
Percentile
5.1%
Related for GHSA-HXVP-655X-XXQV