Lucene search

[email protected]CVE-2012-5509

HistoryMar 12, 2013 - 10:55 p.m.

CVE-2012-5509

2013-03-1222:55:01

CWE-264

[email protected]

web.nvd.nist.gov

cve-2012-5509

aeolus configuration server

red hat cloudforms cloud engine

credential leakage

nvd

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

aeolus-configserver-setup in the Aeolas Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for a temporary file in /tmp, which allows local users to read credentials by reading this file.

Affected configurations

NVD

Node

redhatcloudforms_cloud_engineRange≤1.1

redhatcloudforms_cloud_engineMatch1.0

CPENameOperatorVersion
redhat:cloudforms_cloud_engineredhat cloudforms cloud enginele1.1
redhat:cloudforms_cloud_engineredhat cloudforms cloud engineeq1.0

CPE	Name	Operator	Version
redhat:cloudforms_cloud_engine	redhat cloudforms cloud engine	le	1.1
redhat:cloudforms_cloud_engine	redhat cloudforms cloud engine	eq	1.0

References

rhn.redhat.com/errata/RHSA-2013-0545.html

bugzilla.redhat.com/show_bug.cgi?id=875294

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2012-5509

nvd1 prion1 cvelist1