CVE Vulnerabilities

CVE-2012-5509

Published: Mar 12, 2013 | Modified: Feb 13, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
2.1 LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
RedHat/V3
Ubuntu

aeolus-configserver-setup in the Aeolas Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for a temporary file in /tmp, which allows local users to read credentials by reading this file.

Affected Software

Name Vendor Start Version End Version
Cloudforms_cloud_engine Redhat * 1.1 (including)
Cloudforms_cloud_engine Redhat 1.0 (including) 1.0 (including)
CloudForms for RHEL 6 RedHat aeolus-conductor-0:0.13.26-1.el6cf *
CloudForms for RHEL 6 RedHat aeolus-configserver-0:0.4.12-3.el6cf *
CloudForms for RHEL 6 RedHat imagefactory-0:1.0.3-1.el6cf *
CloudForms for RHEL 6 RedHat oz-0:0.8.0-8.el6cf *

References