Lucene search

[email protected]CVE-2012-5658

HistoryFeb 24, 2013 - 10:55 p.m.

CVE-2012-5658

2013-02-2422:55:01

CWE-310

[email protected]

web.nvd.nist.gov

cve-2012-5658

security vulnerability

red hat openshift origin

cleartext sensitive information

context-dependent attackers

nvd

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

12.7%

JSON

rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain sensitive information, as demonstrated by including log files or Bugzilla reports in support channels.

Affected configurations

NVD

Node

redhatopenshiftRange≤1.0-enterprise

redhatopenshift_originMatch1.0.5

CPENameOperatorVersion
redhat:openshiftredhat openshiftle1.0
redhat:openshift_originredhat openshift origineq1.0.5

CPE	Name	Operator	Version
redhat:openshift	redhat openshift	le	1.0
redhat:openshift_origin	redhat openshift origin	eq	1.0.5

References

rhn.redhat.com/errata/RHSA-2013-0220.html

bugzilla.redhat.com/show_bug.cgi?id=889062

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVE-2012-5658

prion1 nvd1 cvelist1 veracode6 nessus1 redhat1