cumin is vulnerable to authentication bypass. A flaw was discovered in Cumin where it would log broker authentication credentials to the Cumin log file. A local user exploiting this flaw could connect to the broker outside of Cumin’s control and perform certain operations such as scheduling jobs, setting attributes on jobs, as well as holding, releasing or removing jobs. The user could also use this to, depending on the defined ACLs of the broker, manipulate message queues and other privileged operations.
osvdb.org/75217
secunia.com/advisories/45887
secunia.com/advisories/45928
www.redhat.com/support/errata/RHSA-2011-1249.html
www.redhat.com/support/errata/RHSA-2011-1250.html
www.securityfocus.com/bid/49500
www.securitytracker.com/id?1026021
access.redhat.com/errata/RHSA-2011:1250
access.redhat.com/kb/docs/DOC-58404
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=731574
docs.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/2.0/html/Technical_Notes/index.html
exchange.xforce.ibmcloud.com/vulnerabilities/69659