CVE-2012-5603 – Katello: lack of authorization in proxies_controller.rb
https://notcve.org/view.php?id=CVE-2012-5603
04 Jan 2013 — proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the "consumer UUID" of a system. • http://osvdb.org/88140 • CWE-264: Permissions, Privileges, and Access Controls
CVE-2012-4574 – pulp /etc/pulp/pulp.conf world readable, contains default admin password
https://notcve.org/view.php?id=CVE-2012-4574
04 Jan 2013 — Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions for pulp.conf, which allows local users to read the administrative password by reading this file. • http://osvdb.org/88138 • CWE-255: Credentials Management Errors
CVE-2012-5605 – grinder: /var/lib/pulp/cache/grinder directory is world-writeable
https://notcve.org/view.php?id=CVE-2012-5605
04 Jan 2013 — Grinder in Red Hat CloudForms before 1.1 uses world-writable permissions for /var/lib/pulp/cache/grinder/, which allows local users to modify grinder cache files. • http://osvdb.org/88141 • CWE-264: Permissions, Privileges, and Access Controls
CVE-2012-3538 – katello: pulp admin password logged in plaintext in world-readable katello/production.log
https://notcve.org/view.php?id=CVE-2012-3538
04 Jan 2013 — Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in a world-readable file, which allows local users to read pulp administrative passwords by reading production.log. • http://osvdb.org/88139 • CWE-255: Credentials Management Errors