Design/Logic Flaw

2013-03-1222:55:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

aeolus-configserver-setup in the Aeolas Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for a temporary file in /tmp, which allows local users to read credentials by reading this file.

CPENameOperatorVersion
cloudforms_cloud_enginele1.1
cloudforms_cloud_engineeq1.0

CPE	Name	Operator	Version
	cloudforms_cloud_engine	le	1.1
	cloudforms_cloud_engine	eq	1.0

References

rhn.redhat.com/errata/RHSA-2013-0545.html

bugzilla.redhat.com/show_bug.cgi?id=875294