Home

CVE-2019-3816

Description

Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.961

Associated Vulnerability

VulnerabilityOS Platform
SUSE-SU-2019:0656-1(SUSE Linux Enterprise Desktop 12-SP3 ) libwsman1-2.4.11-21.8.1.x86_64.rpmLinux
SUSE-SU-2019:0656-1(SUSE Linux Enterprise Desktop 12-SP3 ) libwsman1-debuginfo-2.4.11-21.8.1.x86_64.rpmLinux
SUSE-SU-2019:0656-1(SUSE Linux Enterprise Desktop 12-SP3 ) libwsman_clientpp1-2.4.11-21.8.1.x86_64.rpmLinux
SUSE-SU-2019:0656-1(SUSE Linux Enterprise Desktop 12-SP3 ) libwsman_clientpp1-debuginfo-2.4.11-21.8.1.x86_64.rpmLinux
SUSE-SU-2019:0656-1(SUSE Linux Enterprise Desktop 12-SP3 ) openwsman-debugsource-2.4.11-21.8.1.x86_64.rpmLinux
SUSE-SU-2019:0656-1(SUSE Linux Enterprise Desktop 12-SP3 ) openwsman-server-2.4.11-21.8.1.x86_64.rpmLinux
SUSE-SU-2019:0656-1(SUSE Linux Enterprise Desktop 12-SP3 ) openwsman-server-debuginfo-2.4.11-21.8.1.x86_64.rpmLinux
SUSE-SU-2019:13981-1(SUSE Linux Enterprise Server 11-SP4 ) libwsman1-2.2.3-0.16.8.1.i586.rpmLinux
SUSE-SU-2019:13981-1(SUSE Linux Enterprise Server 11-SP4 ) libwsman1-2.2.3-0.16.8.1.x86_64.rpmLinux
SUSE-SU-2019:13981-1(SUSE Linux Enterprise Server 11-SP4 ) openwsman-client-2.2.3-0.16.8.1.i586.rpmLinux
SUSE-SU-2019:13981-1(SUSE Linux Enterprise Server 11-SP4 ) openwsman-client-2.2.3-0.16.8.1.x86_64.rpmLinux
SUSE-SU-2019:13981-1(SUSE Linux Enterprise Server 11-SP4 ) openwsman-server-2.2.3-0.16.8.1.i586.rpmLinux
SUSE-SU-2019:13981-1(SUSE Linux Enterprise Server 11-SP4 ) openwsman-server-2.2.3-0.16.8.1.x86_64.rpmLinux
(RHSA-2019:0638) openwsman security update libwsman-devel-2.6.3-6.git4391e5c.el7_6.i686.rpmLinux
(RHSA-2019:0638) openwsman security update libwsman-devel-2.6.3-6.git4391e5c.el7_6.x86_64.rpmLinux
(RHSA-2019:0638) openwsman security update libwsman1-2.6.3-6.git4391e5c.el7_6.i686.rpmLinux
(RHSA-2019:0638) openwsman security update libwsman1-2.6.3-6.git4391e5c.el7_6.x86_64.rpmLinux
(RHSA-2019:0638) openwsman security update openwsman-client-2.6.3-6.git4391e5c.el7_6.i686.rpmLinux
(RHSA-2019:0638) openwsman security update openwsman-client-2.6.3-6.git4391e5c.el7_6.x86_64.rpmLinux
(RHSA-2019:0638) openwsman security update openwsman-perl-2.6.3-6.git4391e5c.el7_6.x86_64.rpmLinux
(RHSA-2019:0638) openwsman security update openwsman-python-2.6.3-6.git4391e5c.el7_6.x86_64.rpmLinux
(RHSA-2019:0638) openwsman security update openwsman-ruby-2.6.3-6.git4391e5c.el7_6.x86_64.rpmLinux
(RHSA-2019:0638) openwsman security update openwsman-server-2.6.3-6.git4391e5c.el7_6.i686.rpmLinux
(RHSA-2019:0638) openwsman security update openwsman-server-2.6.3-6.git4391e5c.el7_6.x86_64.rpmLinux
(RHSA-2019:0972) openwsman security update libwsman1-2.6.5-5.el8.i686.rpmLinux
(RHSA-2019:0972) openwsman security update libwsman1-2.6.5-5.el8.x86_64.rpmLinux
(RHSA-2019:0972) openwsman security update openwsman-client-2.6.5-5.el8.i686.rpmLinux
(RHSA-2019:0972) openwsman security update openwsman-client-2.6.5-5.el8.x86_64.rpmLinux
(RHSA-2019:0972) openwsman security update openwsman-debugsource-2.6.5-5.el8.i686.rpmLinux
(RHSA-2019:0972) openwsman security update openwsman-debugsource-2.6.5-5.el8.x86_64.rpmLinux
(RHSA-2019:0972) openwsman security update openwsman-python3-2.6.5-5.el8.x86_64.rpmLinux
(RHSA-2019:0972) openwsman security update openwsman-server-2.6.5-5.el8.i686.rpmLinux
(RHSA-2019:0972) openwsman security update openwsman-server-2.6.5-5.el8.x86_64.rpmLinux
Libwsman-devel update (ELSA-2019-0638) libwsman-devel-2.6.3-6.git4391e5c.el7_6.x86_64.rpmLinux
Libwsman1 update (ELSA-2019-0638) libwsman1-2.6.3-6.git4391e5c.el7_6.x86_64.rpmLinux
Openwsman-client update (ELSA-2019-0638) openwsman-client-2.6.3-6.git4391e5c.el7_6.x86_64.rpmLinux
Openwsman-perl update (ELSA-2019-0638) openwsman-perl-2.6.3-6.git4391e5c.el7_6.x86_64.rpmLinux
Openwsman-python update (ELSA-2019-0638) openwsman-python-2.6.3-6.git4391e5c.el7_6.x86_64.rpmLinux
Openwsman-ruby update (ELSA-2019-0638) openwsman-ruby-2.6.3-6.git4391e5c.el7_6.x86_64.rpmLinux
Openwsman-server update (ELSA-2019-0638) openwsman-server-2.6.3-6.git4391e5c.el7_6.x86_64.rpmLinux
Libwsman-devel update (ELSA-2019-0638) libwsman-devel-2.6.3-6.git4391e5c.el7_6.i686.rpmLinux
Libwsman1 update (ELSA-2019-0638) libwsman1-2.6.3-6.git4391e5c.el7_6.i686.rpmLinux
Openwsman-client update (ELSA-2019-0638) openwsman-client-2.6.3-6.git4391e5c.el7_6.i686.rpmLinux
Openwsman-server update (ELSA-2019-0638) openwsman-server-2.6.3-6.git4391e5c.el7_6.i686.rpmLinux
(CESA-2019:0972) openwsman security update libwsman1-2.6.5-5.el8.i686.rpmLinux
(CESA-2019:0972) openwsman security update libwsman1-2.6.5-5.el8.x86_64.rpmLinux
(CESA-2019:0972) openwsman security update openwsman-client-2.6.5-5.el8.i686.rpmLinux
(CESA-2019:0972) openwsman security update openwsman-client-2.6.5-5.el8.x86_64.rpmLinux
(CESA-2019:0972) openwsman security update openwsman-python3-2.6.5-5.el8.x86_64.rpmLinux
(CESA-2019:0972) openwsman security update openwsman-server-2.6.5-5.el8.i686.rpmLinux
(CESA-2019:0972) openwsman security update openwsman-server-2.6.5-5.el8.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234