Lucene search

Veracode Vulnerability DatabaseVERACODE:13185

HistoryJan 15, 2019 - 9:26 a.m.

Insecure File Permissions

2019-01-1509:26:58

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

3.3 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:P/A:N

JSON

postgresql uses insecure file permissions. The pg_upgrade module creates a file containing confidential metadata such as database passwords under prevailing umask in the current working directory, which would allow an authenticated user to read or modify the file.

CPENameOperatorVersion
cfme-applianceeq5.7.0.17__1.el7cf
cfme-applianceeq5.6.4.2__1.el7cf
cfme-applianceeq5.8.3.5__1.el7cf
cfme-applianceeq5.5.4.2__1.el7cf
cfme-applianceeq5.9.1.2__1.el7cf
cfme-applianceeq5.7.4.2__1.el7cf
cfme-applianceeq5.6.0.13__1.el7cf
cfme-applianceeq5.6.3.3__1.el7cf
cfme-applianceeq5.8.0.17__1.el7cf
cfme-applianceeq5.5.5.4__1.el7cf

Name	Operator	Version
cfme-appliance	eq	5.7.0.17__1.el7cf
cfme-appliance	eq	5.6.4.2__1.el7cf
cfme-appliance	eq	5.8.3.5__1.el7cf
cfme-appliance	eq	5.5.4.2__1.el7cf
cfme-appliance	eq	5.9.1.2__1.el7cf
cfme-appliance	eq	5.7.4.2__1.el7cf
cfme-appliance	eq	5.6.0.13__1.el7cf
cfme-appliance	eq	5.6.3.3__1.el7cf
cfme-appliance	eq	5.8.0.17__1.el7cf
cfme-appliance	eq	5.5.5.4__1.el7cf

Rows per page:

1-10 of 1171

References

www.securityfocus.com/bid/102986

access.redhat.com/documentation/en-us/red_hat_cloudforms/4.6/html/release_notes

access.redhat.com/errata/RHSA-2018:2511

access.redhat.com/errata/RHSA-2018:2566

access.redhat.com/errata/RHSA-2018:3466

access.redhat.com/errata/RHSA-2018:3816

access.redhat.com/security/updates/classification/#important

bugzilla.redhat.com/show_bug.cgi?id=1610547

bugzilla.redhat.com/show_bug.cgi?id=1618836

bugzilla.redhat.com/show_bug.cgi?id=1623562

bugzilla.redhat.com/show_bug.cgi?id=1634809

bugzilla.redhat.com/show_bug.cgi?id=1635034

bugzilla.redhat.com/show_bug.cgi?id=1635255

bugzilla.redhat.com/show_bug.cgi?id=1635759

bugzilla.redhat.com/show_bug.cgi?id=1635788

bugzilla.redhat.com/show_bug.cgi?id=1638501

bugzilla.redhat.com/show_bug.cgi?id=1639351

bugzilla.redhat.com/show_bug.cgi?id=1639353

bugzilla.redhat.com/show_bug.cgi?id=1639364

bugzilla.redhat.com/show_bug.cgi?id=1640194

bugzilla.redhat.com/show_bug.cgi?id=1640258

bugzilla.redhat.com/show_bug.cgi?id=1640629

bugzilla.redhat.com/show_bug.cgi?id=1640631

bugzilla.redhat.com/show_bug.cgi?id=1641771

bugzilla.redhat.com/show_bug.cgi?id=1643042

bugzilla.redhat.com/show_bug.cgi?id=1643261

bugzilla.redhat.com/show_bug.cgi?id=1643263

bugzilla.redhat.com/show_bug.cgi?id=1643539

bugzilla.redhat.com/show_bug.cgi?id=1643959

bugzilla.redhat.com/show_bug.cgi?id=1644410

bugzilla.redhat.com/show_bug.cgi?id=1645198

bugzilla.redhat.com/show_bug.cgi?id=1645204

bugzilla.redhat.com/show_bug.cgi?id=1646435

bugzilla.redhat.com/show_bug.cgi?id=1646561

bugzilla.redhat.com/show_bug.cgi?id=1646564

bugzilla.redhat.com/show_bug.cgi?id=1646571

bugzilla.redhat.com/show_bug.cgi?id=1646599

bugzilla.redhat.com/show_bug.cgi?id=1646604

bugzilla.redhat.com/show_bug.cgi?id=1646605

bugzilla.redhat.com/show_bug.cgi?id=1646606

bugzilla.redhat.com/show_bug.cgi?id=1646613

bugzilla.redhat.com/show_bug.cgi?id=1646629

bugzilla.redhat.com/show_bug.cgi?id=1646646

bugzilla.redhat.com/show_bug.cgi?id=1647056

bugzilla.redhat.com/show_bug.cgi?id=1647108

bugzilla.redhat.com/show_bug.cgi?id=1647188

bugzilla.redhat.com/show_bug.cgi?id=1647489

bugzilla.redhat.com/show_bug.cgi?id=1648674

bugzilla.redhat.com/show_bug.cgi?id=1648948

bugzilla.redhat.com/show_bug.cgi?id=1648955

bugzilla.redhat.com/show_bug.cgi?id=1648991

bugzilla.redhat.com/show_bug.cgi?id=1649033

bugzilla.redhat.com/show_bug.cgi?id=1649380

bugzilla.redhat.com/show_bug.cgi?id=1649419

bugzilla.redhat.com/show_bug.cgi?id=1650691

bugzilla.redhat.com/show_bug.cgi?id=1651291

bugzilla.redhat.com/show_bug.cgi?id=1651347

bugzilla.redhat.com/show_bug.cgi?id=1651391

bugzilla.redhat.com/show_bug.cgi?id=1653417

bugzilla.redhat.com/show_bug.cgi?id=1653710

bugzilla.redhat.com/show_bug.cgi?id=1654436

bugzilla.redhat.com/show_bug.cgi?id=1654463

bugzilla.redhat.com/show_bug.cgi?id=1655081

bugzilla.redhat.com/show_bug.cgi?id=1655143

bugzilla.redhat.com/show_bug.cgi?id=1655773

bugzilla.redhat.com/show_bug.cgi?id=1656168

bugzilla.redhat.com/show_bug.cgi?id=1656169

lists.debian.org/debian-lts-announce/2018/02/msg00006.html

usn.ubuntu.com/3564-1/

www.postgresql.org/about/news/1829/

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

3.3 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:P/A:N

JSON

Related for VERACODE:13185