
666 matches found

RedHat Linux
added 2013/08/19 4:46 p.m. · 2 views

interface: Ruby code injection

The Red Hat CloudForms Management Engine 5.1 allows remote administrators to execute arbitrary Ruby code via unspecified vectors...

CVSS 8.5 · AI score 6.2 · EPSS 0.00558
Exploits: 0 · References: 4

NVD
added 2013/03/12 10:55 p.m. · 16 views

CVE-2012-5509

aeolus-configserver-setup in the Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for a temporary file in /tmp, which allows local users to read credentials by reading this file...

CVSS 2.1 · AI score 6.2 · EPSS 0.00099
Exploits: 1 · References: 2

NVD
added 2013/03/12 10:55 p.m. · 10 views

CVE-2012-6117

Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to read plaintext passwords by reading the log file...

CVSS 2.1 · AI score 6.2 · EPSS 0.00099
Exploits: 1 · References: 2

Prion
added 2013/03/12 10:55 p.m. · 13 views

Design/Logic Flaw

Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to read plaintext passwords by reading the log file...

CVSS 2.1 · AI score 6.6 · EPSS 0.00099
Exploits: 1 · References: 2 · Affected Software: 1

Prion
added 2013/03/12 10:55 p.m. · 10 views

Design/Logic Flaw

aeolus-configserver-setup in the Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for a temporary file in /tmp, which allows local users to read credentials by reading this file...

CVSS 2.1 · AI score 6.6 · EPSS 0.00099
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2013/03/12 9:00 p.m. · 15 views

CVE-2012-6117

Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to read plaintext passwords by reading the log file...

AI score 6.2 · EPSS 0.00099
Exploits: 1 · References: 2

CVE
added 2013/03/12 9:00 p.m. · 34 views

CVE-2012-6117

CVE-2012-6117 affects Aeolus Configuration Server as used in Red Hat CloudForms Cloud Engine prior to 1.1.2. The issue is that /var/log/aeolus-configserver/configserver.log is world-readable, allowing local attackers to read plaintext passwords stored in the log file. Red Hat addressed this with ...

CVSS 2.1 · AI score 6.4 · EPSS 0.00099
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2013/03/12 9:00 p.m. · 16 views

CVE-2012-5509

aeolus-configserver-setup in the Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for a temporary file in /tmp, which allows local users to read credentials by reading this file...

AI score 6.2 · EPSS 0.00099
Exploits: 1 · References: 2

CVE
added 2013/03/12 9:00 p.m. · 37 views

CVE-2012-5509

CVE-2012-5509 affects Aeolus Configuration Server used with Red Hat CloudForms Cloud Engine prior to 1.1.2. The aeolus-configserver-setup script creates a world-readable temporary file in /tmp that contains credentials, enabling a local attacker to read them. Red Hat’s advisory for CloudForms Clo...

CVSS 2.1 · AI score 6.3 · EPSS 0.00099
Exploits: 1 · References: 2 · Affected Software: 1

Positive Technologies
added 2013/03/12 12:00 a.m. · 3 views

PT-2013-1801 · Red Hat · Aeolus Configuration Server

Name of the Vulnerable Software and Affected Versions: Aeolus Configuration Server versions prior to 1.1.2 Description: The issue concerns the aeolus-configserver-setup in the Aeolus Configuration Server, which is used in Red Hat CloudForms Cloud Engine. It uses world-readable permissions for a...

CVSS 2.1 · AI score 6.2 · EPSS 0.00099
Exploits: 1 · References: 3

NVD
added 2013/03/01 5:40 a.m. · 13 views

CVE-2012-5604

The ldapfluff gem for Ruby, as used in Red Hat CloudForms 1.1, when using Active Directory for authentication, allows remote attackers to bypass authentication via unspecified vectors...

CVSS 4.3 · AI score 6.9 · EPSS 0.00181
Exploits: 0 · References: 2

Prion
added 2013/03/01 5:40 a.m. · 17 views

Authentication flaw

The ldapfluff gem for Ruby, as used in Red Hat CloudForms 1.1, when using Active Directory for authentication, allows remote attackers to bypass authentication via unspecified vectors...

CVSS 4.3 · AI score 7.4 · EPSS 0.00181
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2013/03/01 2:00 a.m. · 19 views

CVE-2012-5604

The ldapfluff gem for Ruby, as used in Red Hat CloudForms 1.1, when using Active Directory for authentication, allows remote attackers to bypass authentication via unspecified vectors...

AI score 6.8 · EPSS 0.00181
Exploits: 0 · References: 2

CVE
added 2013/03/01 2:00 a.m. · 69 views

CVE-2012-5604

The CVE describes an authentication bypass in the ruby gem ldap_fluff when used with Active Directory for Red Hat CloudForms 1.1. Affects rubygem-ldap_fluff components; exploit vectors are not specified in the provided docs, but remote authentication bypass is stated. The issue is tracked as CVE-...

CVSS 4.3 · AI score 7 · EPSS 0.00181
Exploits: 0 · References: 2 · Affected Software: 1

RedHat Linux
added 2013/02/21 6:56 p.m. · 3 views

Moderate: Red Hat Security Advisory: CloudForms Common 1.1.2 update

CloudForms Common 1.1.2 is now available. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the...

CVSS 5 · AI score 7.2 · EPSS 0.02671
Exploits: 1 · References: 7

RedHat Linux
added 2013/02/21 6:55 p.m. · 6 views

Moderate: Red Hat Security Advisory: CloudForms System Engine 1.1.2 update

CloudForms System Engine 1.1.2 is now available. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the...

CVSS 2.1 · AI score 5.8 · EPSS 0.00109
Exploits: 0 · References: 13

RedHat Linux
added 2013/02/21 6:53 p.m. · 1 view

Configserver: Passwords from application blueprint stored plaintext in configserver.log

Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to read plaintext passwords by reading the log file...

CVSS 2.1 · AI score 5.8 · EPSS 0.00099
Exploits: 1 · References: 4

RedHat Linux
added 2013/02/21 6:53 p.m. · 2 views

aeolus-configserver: aeolus-configserver-setup /tmp file conductor credentials leak

aeolus-configserver-setup in the Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for a temporary file in /tmp, which allows local users to read credentials by reading this file...

CVSS 2.1 · AI score 5.8 · EPSS 0.00099
Exploits: 1 · References: 4

RedHat Linux
added 2013/02/21 6:53 p.m. · 2 views

Moderate: Red Hat Security Advisory: CloudForms Cloud Engine 1.1.2 update

CloudForms Cloud Engine 1.1.2 is now available. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the...

CVSS 5.5 · AI score 5.8 · EPSS 0.00114
Exploits: 3 · References: 12

RedHat Linux
added 2013/01/29 5:00 a.m. · 5 views

Critical: Red Hat Security Advisory: rubygem-activesupport security update

An updated rubygem-activesupport package that fixes one security issue is now available for Red Hat CloudForms. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity ratin...

CVSS 7.5 · AI score 7.5 · EPSS 0.91761
Exploits: 7 · References: 2