Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2012-3538

Published: Jan 04, 2013 | Modified: Aug 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
3.3 LOW
AV:A/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
4.9 MODERATE
AV:L/AC:L/Au:N/C:C/I:N/A:N
RedHat/V3
Ubuntu
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2012-3538
CWEhttps://cwe.mitre.org/data/definitions/255.html

Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in a world-readable file, which allows local users to read pulp administrative passwords by reading production.log.

Affected Software

Name Vendor Start Version End Version
Cloudforms Redhat * 1.0 (including)
CloudForms for RHEL 6 RedHat candlepin-0:0.7.8.1-1.el6cf *
CloudForms for RHEL 6 RedHat gofer-0:0.66.1-2.el6cf *
CloudForms for RHEL 6 RedHat grinder-0:0.0.150-1.el6cf *
CloudForms for RHEL 6 RedHat katello-0:1.1.12-22.el6cf *
CloudForms for RHEL 6 RedHat katello-agent-0:1.1.2-1.el6cf *
CloudForms for RHEL 6 RedHat katello-certs-tools-0:1.1.8-1.el6cf *
CloudForms for RHEL 6 RedHat katello-cli-0:1.1.8-12.el6cf *
CloudForms for RHEL 6 RedHat katello-cli-tests-0:1.1.5-2.el6cf *
CloudForms for RHEL 6 RedHat katello-configure-0:1.1.9-12.el6cf *
CloudForms for RHEL 6 RedHat katello-selinux-0:1.1.1-2.el6cf *
CloudForms for RHEL 6 RedHat pulp-0:1.1.14-1.el6cf *
CloudForms for RHEL 6 RedHat quartz-0:2.1.5-4.el6cf *
CloudForms for RHEL 6 RedHat rubygem-apipie-rails-0:0.0.11-3.el6cf *
CloudForms Tools for RHEL 5 RedHat gofer-0:0.66.1-2.el5 *
CloudForms Tools for RHEL 5 RedHat katello-agent-0:1.1.2-1.el5 *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use