PT-2023-30988 · Apache+1 · Apache Tomcat+1

Pedro Sampaio

Publicado

2023-10-03

Atualizado

2025-03-26

CVE-2023-4886

CVSS v3.1

6.7

Média

Vetor

AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions foreman (affected versions not specified)

Description A sensitive information exposure issue was found in foreman, where the contents of tomcat's server.xml file are world readable. This file contains passwords to candlepin's keystore and truststore.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

ALT-PU-2025-3716

CVE-2023-4886

RHSA-2023:7851

RHSA-2024:1061

Produtos afetados

Alt Linux

Apache Tomcat

PT-2023-30988 · Apache+1 · Apache Tomcat+1

CVE-2023-4886

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10