CVE-2012-3538 – katello: pulp admin password logged in plaintext in world-readable katello/production.log
https://notcve.org/view.php?id=CVE-2012-3538
Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in a world-readable file, which allows local users to read pulp administrative passwords by reading production.log. • http://osvdb.org/88139 http://rhn.redhat.com/errata/RHSA-2012-1543.html http://secunia.com/advisories/51472 http://www.securityfocus.com/bid/56819 https://exchange.xforce.ibmcloud.com/vulnerabilities/80547 https://access.redhat.com/security/cve/CVE-2012-3538 https://bugzilla.redhat.com/show_bug.cgi?id=852199 • CWE-255: Credentials Management Errors
CVE-2012-5603 – Katello: lack of authorization in proxies_controller.rb
https://notcve.org/view.php?id=CVE-2012-5603
proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the "consumer UUID" of a system. • http://osvdb.org/88140 http://osvdb.org/88142 http://rhn.redhat.com/errata/RHSA-2012-1543.html http://rhn.redhat.com/errata/RHSA-2013-0544.html http://secunia.com/advisories/51472 http://www.securityfocus.com/bid/56819 https://bugzilla.redhat.com/show_bug.cgi?id=882129 https://exchange.xforce.ibmcloud.com/vulnerabilities/80549 https://access.redhat.com/security/cve/CVE-2012-5603 • CWE-264: Permissions, Privileges, and Access Controls
CVE-2012-5605 – grinder: /var/lib/pulp/cache/grinder directory is world-writeable
https://notcve.org/view.php?id=CVE-2012-5605
Grinder in Red Hat CloudForms before 1.1 uses world-writable permissions for /var/lib/pulp/cache/grinder/, which allows local users to modify grinder cache files. • http://osvdb.org/88141 http://rhn.redhat.com/errata/RHSA-2012-1543.html http://secunia.com/advisories/51472 http://www.securityfocus.com/bid/56819 https://bugzilla.redhat.com/show_bug.cgi?id=828447 https://bugzilla.redhat.com/show_bug.cgi?id=882138 https://exchange.xforce.ibmcloud.com/vulnerabilities/80550 https://access.redhat.com/security/cve/CVE-2012-5605 • CWE-264: Permissions, Privileges, and Access Controls