CVE-2012-5603
proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the "consumer UUID" of a system...
CVE-2012-4574
Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions for pulp.conf, which allows local users to read the administrative password by reading this file...
CVE-2012-4574
CVE-2012-4574 affects Red Hat CloudForms with the Pulp component. The issue arises because the Pulp configuration file, pulp.conf, was installed with world-readable permissions, allowing local users to read the administrative password. The RHSA-2012:1543 update for CloudForms System Engine 1.1 fi...
CVE-2012-5603
CVE-2012-5603 affects Red Hat CloudForms (Katello component) prior to CloudForms 1.1. The issue is an insufficient permission check in proxies_controller.rb, enabling an authenticated remote attacker to read consumer certificates or alter other users’ settings by abusing the target system UUID. T...
CVE-2012-3538
CVE-2012-3538 affects Red Hat CloudForms (System Engine) 1.1 and is caused by Pulp logging administrative passwords to a world-readable log file (production.log). This local, file-based disclosure allows a user with access to the log to read administrative credentials and potentially take control...
CVE-2012-5605
CVE-2012-5605 affects Red Hat CloudForms System Engine prior to version 1.1. The issue arises from grinder cache in /var/lib/pulp/cache/grinder/ using world-writable permissions, enabling local attackers to read or modify grinder cache files. The RHSA-2012:1543 advisory documents this vulnerabili...
CVE-2012-3538
Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in a world-readable file, which allows local users to read pulp administrative passwords by reading production.log...
pulp /etc/pulp/pulp.conf world readable, contains default admin password
Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions for pulp.conf, which allows local users to read the administrative password by reading this file...
grinder: /var/lib/pulp/cache/grinder directory is world-writable
Grinder in Red Hat CloudForms before 1.1 uses world-writable permissions for /var/lib/pulp/cache/grinder/, which allows local users to modify grinder cache files...
Important: Red Hat Security Advisory: CloudForms System Engine 1.1 update
Updated CloudForms System Engine packages that fix multiple security issues, several bugs, and add enhancements are now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detaile...
Moderate: Red Hat Security Advisory: CloudForms Commons 1.1 security update
Updated CloudForms Commons packages that fix several security issues are now available. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for each...
CVE-2012-5604 rubygem-ldap_fluff: CloudForms authentication bypass when handling anonymous LDAP bind
The ldap_fluff gem for Ruby, as used in Red Hat CloudForms 1.1, when using Active Directory for authentication, allows remote attackers to bypass authentication via unspecified vectors...
CVE-2012-3503
The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary...
PT-2012-4767 · Red Hat · Katello
Name of the Vulnerable Software and Affected Versions: Katello versions 1.0 and earlier. Description: The installation script does not properly generate the Application.config.secret_token value, resulting in each default installation having the same secret token. This allows remote attackers to...
Important: Red Hat Security Advisory: katello security update
Updated katello packages that fix one security issue are now available for Red Hat CloudForms. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
Katello: Application.config.secret_token is not generated properly
The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary...
sos security, bug fix, and enhancement update
2.2-29.0.1.el6 - Direct traceroute to linux.oracle.com John Haxby orabug 11713272 - Disable --upload option as it will not work with Oracle support - Check oraclelinux-release instead of redhat-release to get OS version John Haxby bug 11681869 - Remove RH ftp URL and support email - add...