Home

CVE-2012-5561

Description

script/katello-generate-passphrase in Katello 1.1 uses world-readable permissions for /etc/katello/secure/passphrase, which allows local users to obtain the passphrase by reading the file.

Risk Information

Base Score
5.5
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.109

Associated Vulnerability

VulnerabilityOS Platform
(RHSA-2013:0544) Important: Subscription Asset Manager 1.2 update apache-commons-codec-1.7-2.el6_3.x86_64.rpmLinux
(RHSA-2013:0544) Important: Subscription Asset Manager 1.2 update apache-mime4j-0.6-4_redhat_1.ep6.el6.1.noarch.rpmLinux
(RHSA-2013:0544) Important: Subscription Asset Manager 1.2 update apache-mime4j-javadoc-0.6-4_redhat_1.ep6.el6.1.noarch.rpmLinux
(RHSA-2013:0544) Important: Subscription Asset Manager 1.2 update elasticsearch-0.19.9-5.el6_3.noarch.rpmLinux
(RHSA-2013:0544) Important: Subscription Asset Manager 1.2 update katello-certs-tools-1.2.1-1h.el6_3.noarch.rpmLinux
(RHSA-2013:0544) Important: Subscription Asset Manager 1.2 update katello-cli-1.2.1-12h.el6_3.noarch.rpmLinux
(RHSA-2013:0544) Important: Subscription Asset Manager 1.2 update katello-cli-common-1.2.1-12h.el6_3.noarch.rpmLinux
(RHSA-2013:0544) Important: Subscription Asset Manager 1.2 update katello-selinux-1.2.1-2h.el6_3.noarch.rpmLinux
(RHSA-2013:0544) Important: Subscription Asset Manager 1.2 update lucene3-3.6.1-10h.el6_3.noarch.rpmLinux
(RHSA-2013:0544) Important: Subscription Asset Manager 1.2 update lucene3-contrib-3.6.1-10h.el6_3.noarch.rpmLinux
(RHSA-2013:0544) Important: Subscription Asset Manager 1.2 update quartz-2.1.5-4.el6_3.noarch.rpmLinux
(RHSA-2013:0544) Important: Subscription Asset Manager 1.2 update rubygem-ldap_fluff-0.1.3-1.el6_3.noarch.rpmLinux
(RHSA-2013:0544) Important: Subscription Asset Manager 1.2 update sigar-1.6.5-0.12.git58097d9h.el6_3.x86_64.rpmLinux
(RHSA-2013:0544) Important: Subscription Asset Manager 1.2 update sigar-java-1.6.5-0.12.git58097d9h.el6_3.x86_64.rpmLinux
(RHSA-2013:0544) Important: Subscription Asset Manager 1.2 update snappy-java-1.0.4-2.el6_3.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234