Lucene search
Alpine Linux Development TeamALPINE:CVE-2022-3287HistorySep 28, 2022 - 8:15 p.m.
CVE-2022-3287
2022-09-2820:15:00
Alpine Linux Development Team
security.alpinelinux.org
23
bmc
redfish plugin
vulnerability
password exposure
configuration file
unix
0.001 Low
EPSS
Percentile
28.6%
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | 3.16-community | noarch | fwupd | = 1.7.6-r0 | UNKNOWN |
Related
nessus
nessus
Rocky Linux 8 : fwupd (RLSA-2023:7189)
2023-11-28 00:00:00
RHEL 8 : fwupd (RHSA-2024:1106)
2024-03-05 00:00:00
Oracle Linux 8 : fwupd (ELSA-2023-7189)
2023-11-21 00:00:00
oraclelinux
oraclelinux
fwupd security update
2023-11-17 00:00:00
fwupd security and bug fix update
2023-05-15 00:00:00
ubuntucve
ubuntucve
CVE-2022-3287
2022-09-28 00:00:00
osv
osv
CVE-2022-3287
2022-09-28 20:15:18
Moderate: fwupd security update
2023-11-14 00:00:00
Moderate: fwupd security update
2023-11-28 22:42:52
redhatcve
redhatcve
CVE-2022-3287
2022-09-28 12:48:53
cve
cve
CVE-2022-3287
2022-09-28 20:15:18
cnvd
cnvd
fwupd information disclosure vulnerability
2022-09-30 00:00:00
prion
prion
Authorization
2022-09-28 20:15:00
almalinux
almalinux
Moderate: fwupd security update
2023-11-14 00:00:00
Moderate: fwupd security and bug fix update
2023-05-09 00:00:00
redhat
redhat
(RHSA-2024:1403) Moderate: fwupd security update
2024-03-19 16:35:06
(RHSA-2023:7189) Moderate: fwupd security update
2023-11-14 08:47:29
(RHSA-2024:1106) Moderate: fwupd security update
2024-03-05 10:44:56
nvd
nvd
CVE-2022-3287
2022-09-28 20:15:18
rocky
rocky
fwupd security update
2023-11-28 22:42:52
veracode
veracode
Information Disclosure
2022-10-11 13:16:39
debiancve
debiancve
CVE-2022-3287
2022-09-28 20:15:18
cvelist
cvelist
CVE-2022-3287
2022-09-28 19:07:38