2 matches found
CVE-2019-3891
It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database. A malicious user with local access to a Satellite host can use those credentials to modify the database and prevent Satellite from fetching...
CVE-2019-3891
CVE-2019-3891 affects Red Hat Satellite/Candlepin: a world-readable log file (cpdb.log) leaks Candlepin DB credentials. A local attacker can use the credentials to modify the Candlepin database and prevent Satellite from fetching package updates, impacting all Satellite hosts. The vulnerability i...