CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2012-5603 – Katello: lack of authorization in proxies_controller.rb
https://notcve.org/view.php?id=CVE-2012-5603
proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the "consumer UUID" of a system. proxies_controller.rb en Katello en Red Hat CloudForms anterior a v1.1 no comprueba los permisos de forma adecuada, lo que permite a usuarios remotos autenticados leer certificados de consumidores o cambiar especificaciones de usuarios a través de vectores relacionados con el "consumer UUID"de un system. • http://osvdb.org/88140 http://osvdb.org/88142 http://rhn.redhat.com/errata/RHSA-2012-1543.html http://rhn.redhat.com/errata/RHSA-2013-0544.html http://secunia.com/advisories/51472 http://www.securityfocus.com/bid/56819 https://bugzilla.redhat.com/show_bug.cgi?id=882129 https://exchange.xforce.ibmcloud.com/vulnerabilities/80549 https://access.redhat.com/security/cve/CVE-2012-5603 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2012-5605 – grinder: /var/lib/pulp/cache/grinder directory is world-writeable
https://notcve.org/view.php?id=CVE-2012-5605
Grinder in Red Hat CloudForms before 1.1 uses world-writable permissions for /var/lib/pulp/cache/grinder/, which allows local users to modify grinder cache files. Grinder en Red Hat CloudForms anteriores a v1.1 usa permisos "world-writable" para /var/lib/pulp/cache/grinder/, lo que permite a usuarios locales modificar la caché de los ficheros grinder. • http://osvdb.org/88141 http://rhn.redhat.com/errata/RHSA-2012-1543.html http://secunia.com/advisories/51472 http://www.securityfocus.com/bid/56819 https://bugzilla.redhat.com/show_bug.cgi?id=828447 https://bugzilla.redhat.com/show_bug.cgi?id=882138 https://exchange.xforce.ibmcloud.com/vulnerabilities/80550 https://access.redhat.com/security/cve/CVE-2012-5605 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2012-4574 – pulp /etc/pulp/pulp.conf world readable, contains default admin password
https://notcve.org/view.php?id=CVE-2012-4574
Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions for pulp.conf, which allows local users to read the administrative password by reading this file. Pulp en Red Hat CloudForms anteriores a v1.1 usa permisos "world-readable" en pulp.conf, lo que permite a usuarios locales a leer las contraseñas administrativas leyendo este fichero. • http://osvdb.org/88138 http://rhn.redhat.com/errata/RHSA-2012-1543.html http://secunia.com/advisories/51472 http://www.securityfocus.com/bid/56819 https://bugzilla.redhat.com/show_bug.cgi?id=872487 https://exchange.xforce.ibmcloud.com/vulnerabilities/80548 https://access.redhat.com/security/cve/CVE-2012-4574 • CWE-255: Credentials Management Errors •