Lucene search

K

Veracode Vulnerability DatabaseVERACODE:37729

HistoryNov 01, 2022 - 4:49 a.m.

Information Disclosure

2022-11-0104:49:02

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

10

virtualbmc

vulnerability

information disclosure

set_boot_device function

xml changes

boot mode

options

firmware

attacker

sensitive information

software

EPSS

0.001

Percentile

17.8%

virtualbmc is vulnerable to information disclosure. The vulnerability exists due to the set_boot_device function in vbmc.py which does not properly secure information on xml changes when setting parameters revolving around boot mode, options and firmware, allowing an attacker to gain sensitive information

References

github.com/advisories/GHSA-5pj3-6fqm-8m7m

github.com/openstack/virtualbmc/commit/348e96511477fd8d89a0296da75015ca3182c836

lists.fedoraproject.org/archives/list/[email protected]/message/GAD7QJIUWPCKJIGYP7PPHH5DILOEONFE/

lists.fedoraproject.org/archives/list/[email protected]/message/KEQVJF3OQGSDCSQTQQSC54JEGLMSNB4Q/

lists.fedoraproject.org/archives/list/[email protected]/message/QMSUGS4B6EBRHBJMTRXL5RIKJTZTEMJC/

review.opendev.org/c/openstack/sushy-tools/+/862625

review.opendev.org/c/openstack/virtualbmc/+/862620

storyboard.openstack.org/#!/story/2010382

EPSS

0.001

Percentile

17.8%

Related for VERACODE:37729

fedora3 osv2 openvas3 cvelist1 nvd1 prion1 nessus2 cve1 redhatcve1 redhat1 github1