CVE-2019-13313
Description
libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.05
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| (RHSA-2020:1051) libosinfo security and bug fix update libosinfo-1.1.0-5.el7.i686.rpm | Linux |
| (RHSA-2020:1051) libosinfo security and bug fix update libosinfo-1.1.0-5.el7.x86_64.rpm | Linux |
| (RHSA-2020:1051) libosinfo security and bug fix update libosinfo-devel-1.1.0-5.el7.i686.rpm | Linux |
| (RHSA-2020:1051) libosinfo security and bug fix update libosinfo-devel-1.1.0-5.el7.x86_64.rpm | Linux |
| (RHSA-2020:1051) libosinfo security and bug fix update libosinfo-vala-1.1.0-5.el7.x86_64.rpm | Linux |
| (RHSA-2019:3387) osinfo-db and libosinfo security and bug fix update libosinfo-1.5.0-3.el8.i686.rpm | Linux |
| (RHSA-2019:3387) osinfo-db and libosinfo security and bug fix update libosinfo-1.5.0-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3387) osinfo-db and libosinfo security and bug fix update libosinfo-debugsource-1.5.0-3.el8.i686.rpm | Linux |
| (RHSA-2019:3387) osinfo-db and libosinfo security and bug fix update libosinfo-debugsource-1.5.0-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3387) osinfo-db and libosinfo security and bug fix update osinfo-db-20190611-1.el8.noarch.rpm | Linux |
| (RHSA-2019:3387) osinfo-db and libosinfo security and bug fix update osinfo-db-tools-1.5.0-4.el8.x86_64.rpm | Linux |
| (RHSA-2019:3387) osinfo-db and libosinfo security and bug fix update osinfo-db-tools-debugsource-1.5.0-4.el8.x86_64.rpm | Linux |
| (CESA-2019:3387) osinfo-db and libosinfo security and bug fix update libosinfo-1.5.0-3.el8.i686.rpm | Linux |
| (CESA-2019:3387) osinfo-db and libosinfo security and bug fix update libosinfo-1.5.0-3.el8.x86_64.rpm | Linux |
| (CESA-2019:3387) osinfo-db and libosinfo security and bug fix update osinfo-db-20190611-1.el8.noarch.rpm | Linux |
| (CESA-2019:3387) osinfo-db and libosinfo security and bug fix update osinfo-db-tools-1.5.0-4.el8.x86_64.rpm | Linux |
| (CESA-2020:1051) libosinfo security and bug fix update libosinfo-1.1.0-5.el7.i686.rpm | Linux |
| (CESA-2020:1051) libosinfo security and bug fix update libosinfo-1.1.0-5.el7.x86_64.rpm | Linux |
| (CESA-2020:1051) libosinfo security and bug fix update libosinfo-devel-1.1.0-5.el7.i686.rpm | Linux |
| (CESA-2020:1051) libosinfo security and bug fix update libosinfo-devel-1.1.0-5.el7.x86_64.rpm | Linux |
| (CESA-2020:1051) libosinfo security and bug fix update libosinfo-vala-1.1.0-5.el7.x86_64.rpm | Linux |
| (RHSA-2019:3387) osinfo-db and libosinfo security and bug fix update gnome-boxes-3.28.5-7.el8.x86_64.rpm | Linux |
| (RHSA-2019:3387)Low: and libosinfo security and bug fix update gnome-boxes-debuginfo-3.28.5-7.el8.x86_64.rpm | Linux |
| (RHSA-2019:3387) osinfo-db and libosinfo security and bug fix update gnome-boxes-debugsource-3.28.5-7.el8.x86_64.rpm | Linux |
| (RHSA-2019:3387)Low: and libosinfo security and bug fix update libosinfo-debuginfo-1.5.0-3.el8.i686.rpm | Linux |
| (RHSA-2019:3387)Low: and libosinfo security and bug fix update libosinfo-debuginfo-1.5.0-3.el8.x86_64.rpm | Linux |
| (RHSA-2019:3387)Low: and libosinfo security and bug fix update osinfo-db-tools-debuginfo-1.5.0-4.el8.x86_64.rpm | Linux |
| (RHSA-2020:1051)Low: security and bug fix update libosinfo-debuginfo-1.1.0-5.el7.i686.rpm | Linux |
| (RHSA-2020:1051)Low: security and bug fix update libosinfo-debuginfo-1.1.0-5.el7.x86_64.rpm | Linux |
| Gnome-boxes update (ELSA-2019-3387) gnome-boxes-3.28.5-7.el8.x86_64.rpm | Linux |
| Libosinfo update (ELSA-2019-3387) libosinfo-1.5.0-3.el8.i686.rpm | Linux |
| Libosinfo update (ELSA-2019-3387) libosinfo-1.5.0-3.el8.x86_64.rpm | Linux |
| Osinfo-db update (ELSA-2019-3387) osinfo-db-20190611-1.0.2.el8.noarch.rpm | Linux |
| Osinfo-db-tools update (ELSA-2019-3387) osinfo-db-tools-1.5.0-4.el8.x86_64.rpm | Linux |
| Libosinfo update (ELSA-2020-1051) libosinfo-1.1.0-5.el7.i686.rpm | Linux |
| Libosinfo update (ELSA-2020-1051) libosinfo-1.1.0-5.el7.x86_64.rpm | Linux |
| libosinfo Security Update (ALAS-2020-1527) libosinfo-1.1.0-5.amzn2.i686.rpm | Linux |
| libosinfo Security Update (ALAS-2020-1527) libosinfo-1.1.0-5.amzn2.x86_64.rpm | Linux |
| libosinfo Security Update (ALAS-2020-1527) libosinfo-vala-1.1.0-5.amzn2.x86_64.rpm | Linux |
| libosinfo Security Update (ALAS-2020-1527) libosinfo-devel-1.1.0-5.amzn2.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234