Information Disclosure

2019-05-0204:53:11

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.0004 Low

EPSS

Percentile

5.1%

JSON

Aeolus Configuration Server is vulnerable to information disclosure. Passwords are stored in plain text in the world-readable /var/log/aeolus-configserver/configserver.log file. A local attacker could use this flaw to obtain the administrative passwords for other services.

CPENameOperatorVersion
imagefactoryeq1.0.2__1.el6cf
imagefactoryeq1.0.1__2.el6cf
imagefactoryeq1.0.0rc11__1.el6
aeolus-configservereq0.4.11__1.el6cf
aeolus-configservereq0.4.8__1.el6_2
aeolus-conductoreq0.13.24__1.el6cf
aeolus-conductoreq0.8.34__1.el6cf
aeolus-conductoreq0.8.13__1.el6_2
ozeq0.8.0__5.el6
ozeq0.8.0__6.el6cf

Name	Operator	Version
imagefactory	eq	1.0.2__1.el6cf
imagefactory	eq	1.0.1__2.el6cf
imagefactory	eq	1.0.0rc11__1.el6
aeolus-configserver	eq	0.4.11__1.el6cf
aeolus-configserver	eq	0.4.8__1.el6_2
aeolus-conductor	eq	0.13.24__1.el6cf
aeolus-conductor	eq	0.8.34__1.el6cf
aeolus-conductor	eq	0.8.13__1.el6_2
oz	eq	0.8.0__5.el6
oz	eq	0.8.0__6.el6cf

Rows per page:

1-10 of 201

References

rhn.redhat.com/errata/RHSA-2013-0545.html

access.redhat.com/knowledge/docs/

access.redhat.com/knowledge/docs/en-US/CloudForms/1.1/html/Installation_Guide/Updating_CloudForms_Cloud_Engine.html

access.redhat.com/security/updates/classification/#moderate

bugzilla.redhat.com/show_bug.cgi?id=875294

bugzilla.redhat.com/show_bug.cgi?id=895569

bugzilla.redhat.com/show_bug.cgi?id=903395

bugzilla.redhat.com/show_bug.cgi?id=903646

bugzilla.redhat.com/show_bug.cgi?id=903650

bugzilla.redhat.com/show_bug.cgi?id=903651

bugzilla.redhat.com/show_bug.cgi?id=912395