aeolus-configserver-setup in the Aeolas Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for a temporary file in /tmp, which allows local users to read credentials by reading this file.
CPE | Name | Operator | Version |
---|---|---|---|
cloudforms_cloud_engine | le | 1.1 | |
cloudforms_cloud_engine | eq | 1.0 |