PT-2013-1691 · Red Hat · Red Hat Cloudforms

Kurt Seifried

·

Published

2013-01-04

·

Updated

2017-08-29

·

CVE-2012-4574

CVSS v2.0

2.1

Low

VectorAV:L/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions Red Hat CloudForms versions prior to 1.1
Description The issue allows local users to read the administrative password due to world-readable permissions for the pulp.conf file.
Recommendations For versions prior to 1.1, change the permissions of the pulp.conf file to restrict read access to authorized users.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-255

Related Identifiers

CVE-2012-4574

Affected Products

Red Hat Cloudforms