rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Storage_console | Redhat | 2.0 (including) | 2.0 (including) |
| Storage_console_node | Redhat | 2.0 (including) | 2.0 (including) |
| Red Hat Storage Console 2 for Red Hat Enteprise Linux 7 | RedHat | ceph-ansible-0:1.0.5-34.el7scon | * |
| Red Hat Storage Console 2 for Red Hat Enteprise Linux 7 | RedHat | ceph-installer-0:1.0.15-2.el7scon | * |
| Red Hat Storage Console 2 for Red Hat Enteprise Linux 7 | RedHat | rhscon-agent-0:0.0.19-1.el7scon | * |
| Red Hat Storage Console 2 for Red Hat Enteprise Linux 7 | RedHat | rhscon-ceph-0:0.0.43-1.el7scon | * |
| Red Hat Storage Console 2 for Red Hat Enteprise Linux 7 | RedHat | rhscon-core-0:0.0.45-1.el7scon | * |
| Red Hat Storage Console 2 for Red Hat Enteprise Linux 7 | RedHat | rhscon-ui-0:0.0.60-1.el7scon | * |
References
- http://www.securityfocus.com/bid/93796
- http://www.securitytracker.com/id/1037062
- https://access.redhat.com/errata/RHSA-2016:2082
- https://bugzilla.redhat.com/show_bug.cgi?id=1381681
- http://www.securityfocus.com/bid/93796
- http://www.securitytracker.com/id/1037062
- https://access.redhat.com/errata/RHSA-2016:2082
- https://bugzilla.redhat.com/show_bug.cgi?id=1381681