CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 1CVE-2012-6117 – Configserver: Passwords from application blueprint stored plaintext in configserver.log
https://notcve.org/view.php?id=CVE-2012-6117
Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to read plaintext passwords by reading the log file. Aeolus Configuration Server, como se usaba en Hat CloudForms Cloud Engine anterior a v1.1.2, usa permisos de lectura para todos en /var/log/aeolus-configserver/configserver.log, lo que permite que usuario locales lean contraseñas en texto plano mediante la lectura de un fichero de log. • http://rhn.redhat.com/errata/RHSA-2013-0545.html https://bugzilla.redhat.com/show_bug.cgi?id=875294 https://access.redhat.com/security/cve/CVE-2012-6117 https://bugzilla.redhat.com/show_bug.cgi?id=906201 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 1CVE-2012-5509 – aeolus-configserver: aeolus-configserver-setup /tmp file conductor credentials leak
https://notcve.org/view.php?id=CVE-2012-5509
aeolus-configserver-setup in the Aeolas Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for a temporary file in /tmp, which allows local users to read credentials by reading this file. aeolus-configserver-setup en el Aeolas Configuration Server, como se usaba en Red Hat CloudForms Cloud Engine anterior a v1.1.2, usa permisos de lectura para todos en un fichero temporal en /tmp, lo que permite que usuarios locales lean credenciales mediante la lectura de dicho fichero. • http://rhn.redhat.com/errata/RHSA-2013-0545.html https://bugzilla.redhat.com/show_bug.cgi?id=875294 https://access.redhat.com/security/cve/CVE-2012-5509 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-264: Permissions, Privileges, and Access Controls •