Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, does not properly restrict access to resources, which allows remote attackers to obtain sensitive information via unspecified vectors related to (1) web pages, (2) export functionality, and (3) image viewing.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Cumin | Trevor_mckay | * | 0.1.5192-4 (including) |
| Cumin | Trevor_mckay | 0.1.3160-1 (including) | 0.1.3160-1 (including) |
| Cumin | Trevor_mckay | 0.1.4369-1 (including) | 0.1.4369-1 (including) |
| Cumin | Trevor_mckay | 0.1.4410-2 (including) | 0.1.4410-2 (including) |
| Cumin | Trevor_mckay | 0.1.4494-1 (including) | 0.1.4494-1 (including) |
| Cumin | Trevor_mckay | 0.1.4794-1 (including) | 0.1.4794-1 (including) |
| Cumin | Trevor_mckay | 0.1.4916-1 (including) | 0.1.4916-1 (including) |
| Cumin | Trevor_mckay | 0.1.5033-1 (including) | 0.1.5033-1 (including) |
| Cumin | Trevor_mckay | 0.1.5037-1 (including) | 0.1.5037-1 (including) |
| Cumin | Trevor_mckay | 0.1.5054-1 (including) | 0.1.5054-1 (including) |
| Cumin | Trevor_mckay | 0.1.5068-1 (including) | 0.1.5068-1 (including) |
| Cumin | Trevor_mckay | 0.1.5092-1 (including) | 0.1.5092-1 (including) |
| Cumin | Trevor_mckay | 0.1.5098-2 (including) | 0.1.5098-2 (including) |
| Cumin | Trevor_mckay | 0.1.5105-1 (including) | 0.1.5105-1 (including) |
| Cumin | Trevor_mckay | 0.1.5137-1 (including) | 0.1.5137-1 (including) |
| Cumin | Trevor_mckay | 0.1.5137-2 (including) | 0.1.5137-2 (including) |
| Cumin | Trevor_mckay | 0.1.5137-3 (including) | 0.1.5137-3 (including) |
| Cumin | Trevor_mckay | 0.1.5137-4 (including) | 0.1.5137-4 (including) |
| Cumin | Trevor_mckay | 0.1.5137-5 (including) | 0.1.5137-5 (including) |
| Cumin | Trevor_mckay | 0.1.5192-1 (including) | 0.1.5192-1 (including) |
| Enterprise_mrg | Redhat | 2.0 (including) | 2.0 (including) |
| MRG for RHEL-5 v. 2 | RedHat | condor-0:7.6.5-0.22.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | condor-wallaby-0:4.1.3-1.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | condor-wallaby-base-db-0:1.23-1.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | cumin-0:0.1.5444-3.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | sesame-0:1.0-4.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | wallaby-0:0.12.5-10.el5 | * |
| Red Hat Enterprise MRG 2 | RedHat | condor-0:7.6.5-0.22.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | condor-wallaby-0:4.1.3-1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | condor-wallaby-base-db-0:1.23-1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | cumin-0:0.1.5444-3.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | deltacloud-core-0:0.5.0-10.el6_2 | * |
| Red Hat Enterprise MRG 2 | RedHat | libdeltacloud-0:0.9-1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-daemons-0:1.1.4-2.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-eventmachine-0:0.12.10-7.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-fssm-0:0.2.7-1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-haml-0:3.1.2-2.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-hpricot-0:0.8.4-2.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-json-0:1.4.6-10.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-maruku-0:0.6.0-4.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-mime-types-0:1.16-4.el6_0 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-mocha-0:0.9.7-4.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-net-ssh-0:2.0.23-6.el6_0 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-nokogiri-0:1.5.0-0.8.beta4.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-rack-1:1.3.0-2.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-rack-accept-0:0.4.3-6.el6_0 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-rack-test-0:0.6.1-1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-rake-0:0.8.7-2.1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-rest-client-0:1.6.1-2.el6_0 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygems-0:1.8.16-1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-sass-0:3.1.4-4.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-sinatra-1:1.2.6-2.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-syntax-0:1.0.0-4.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-thin-0:1.2.11-3.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-tilt-0:1.3.2-3.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-yard-0:0.7.2-1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | sesame-0:1.0-6.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | wallaby-0:0.12.5-10.el6 | * |
References
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=829421
- http://rhn.redhat.com/errata/RHSA-2012-1278.html
- http://rhn.redhat.com/errata/RHSA-2012-1281.html
- http://secunia.com/advisories/50660
- http://www.securityfocus.com/bid/55618
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78770
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=829421
- http://rhn.redhat.com/errata/RHSA-2012-1278.html
- http://rhn.redhat.com/errata/RHSA-2012-1281.html
- http://secunia.com/advisories/50660
- http://www.securityfocus.com/bid/55618
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78770