4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
5.1%
Cumin in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0 records
broker authentication credentials in a log file, which allows local users
to bypass authentication and perform unauthorized actions on jobs and
message queues via a direct connection to the broker.
Author | Note |
---|---|
tyhicks | It looks like condor may be affected. Condor and cumin was updated and we ship condor. Not sure if Ubuntu shipped version of condor is affected. |