4 matches found
Linux Distros Unpatched Vulnerability : CVE-2014-0135
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kafo before 0.3.17 and 0.4.x before 0.5.2, as used by Foreman, uses world-readable permissions for defaultvalues.yaml, which allows local users to obtain...
RHEL 6 : rubygem-kafo (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - rubygem-kafo: temporary file creation vulnerability when creating /tmp/defaultvalues.yaml CVE-2014-0135 Note that...
CVE-2014-0135
CVE-2014-0135 affects Kafo before 0.3.17 and 0.4.x before 0.5.2 (as used by Foreman). The issue is that default_values.yaml is world-readable, allowing local users to read passwords and other sensitive information. Remediation is to upgrade Kafo to 0.3.17+ or 0.4.x to 0.5.2+ (where fixed). If not...
CVE-2014-0135 rubygem-kafo: temporary file creation vulnerability when creating /tmp/default_values.yaml
Kafo before 0.3.17 and 0.4.x before 0.5.2, as used by Foreman, uses world-readable permissions for defaultvalues.yaml, which allows local users to obtain passwords and other sensitive information by reading the file...