CVE Vulnerabilities

CVE-2012-4574

Published: Jan 04, 2013 | Modified: Aug 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
4.9 MODERATE
AV:L/AC:L/Au:N/C:C/I:N/A:N
RedHat/V3
Ubuntu

Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions for pulp.conf, which allows local users to read the administrative password by reading this file.

Affected Software

Name Vendor Start Version End Version
Cloudforms Redhat * 1.0
CloudForms for RHEL 6 RedHat candlepin-0:0.7.8.1-1.el6cf *
CloudForms for RHEL 6 RedHat gofer-0:0.66.1-2.el6cf *
CloudForms for RHEL 6 RedHat grinder-0:0.0.150-1.el6cf *
CloudForms for RHEL 6 RedHat katello-0:1.1.12-22.el6cf *
CloudForms for RHEL 6 RedHat katello-agent-0:1.1.2-1.el6cf *
CloudForms for RHEL 6 RedHat katello-certs-tools-0:1.1.8-1.el6cf *
CloudForms for RHEL 6 RedHat katello-cli-0:1.1.8-12.el6cf *
CloudForms for RHEL 6 RedHat katello-cli-tests-0:1.1.5-2.el6cf *
CloudForms for RHEL 6 RedHat katello-configure-0:1.1.9-12.el6cf *
CloudForms for RHEL 6 RedHat katello-selinux-0:1.1.1-2.el6cf *
CloudForms for RHEL 6 RedHat pulp-0:1.1.14-1.el6cf *
CloudForms for RHEL 6 RedHat quartz-0:2.1.5-4.el6cf *
CloudForms for RHEL 6 RedHat rubygem-apipie-rails-0:0.0.11-3.el6cf *
CloudForms Tools for RHEL 5 RedHat gofer-0:0.66.1-2.el5 *
CloudForms Tools for RHEL 5 RedHat katello-agent-0:1.1.2-1.el5 *
RHUI for RHEL 6 RedHat *

References