Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2012-5605

Published: Jan 04, 2013 | Modified: Aug 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
4.6 MODERATE
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V3
Ubuntu
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2012-5605
CWEhttps://cwe.mitre.org/data/definitions/264.html

Grinder in Red Hat CloudForms before 1.1 uses world-writable permissions for /var/lib/pulp/cache/grinder/, which allows local users to modify grinder cache files.

Affected Software

Name Vendor Start Version End Version
Cloudforms Redhat * 1.0 (including)
CloudForms for RHEL 6 RedHat candlepin-0:0.7.8.1-1.el6cf *
CloudForms for RHEL 6 RedHat gofer-0:0.66.1-2.el6cf *
CloudForms for RHEL 6 RedHat grinder-0:0.0.150-1.el6cf *
CloudForms for RHEL 6 RedHat katello-0:1.1.12-22.el6cf *
CloudForms for RHEL 6 RedHat katello-agent-0:1.1.2-1.el6cf *
CloudForms for RHEL 6 RedHat katello-certs-tools-0:1.1.8-1.el6cf *
CloudForms for RHEL 6 RedHat katello-cli-0:1.1.8-12.el6cf *
CloudForms for RHEL 6 RedHat katello-cli-tests-0:1.1.5-2.el6cf *
CloudForms for RHEL 6 RedHat katello-configure-0:1.1.9-12.el6cf *
CloudForms for RHEL 6 RedHat katello-selinux-0:1.1.1-2.el6cf *
CloudForms for RHEL 6 RedHat pulp-0:1.1.14-1.el6cf *
CloudForms for RHEL 6 RedHat quartz-0:2.1.5-4.el6cf *
CloudForms for RHEL 6 RedHat rubygem-apipie-rails-0:0.0.11-3.el6cf *
CloudForms Tools for RHEL 5 RedHat gofer-0:0.66.1-2.el5 *
CloudForms Tools for RHEL 5 RedHat katello-agent-0:1.1.2-1.el5 *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use