CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

The install-chef-suse.sh script shipped with crowbar before 2012-10-02 creates files containing confidential data with insecure permissions, allowing local users to read confidential data.

• https://bugzilla.suse.com/show_bug.cgi?id=783195
• https://www.suse.com/security/cve/CVE-2012-0433

• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 4

Cross-site scripting (XSS) vulnerability in crowbar_framework/app/views/support/index.html.haml in the Crowbar barclamp in Crowbar, possibly 1.4 and earlier, allows remote attackers to inject arbitrary web script or HTML via the file parameter to /utils.

• https://www.exploit-db.com/exploits/37690
• http://www.openwall.com/lists/oss-security/2012/08/31/1
• http://www.securityfocus.com/bid/55315
• https://bugzilla.novell.com/show_bug.cgi?id=771840
• https://github.com/SUSE-Cloud/barclamp-crowbar/commit/90e905b7668a1cc884fb70040f96c7a0a287de48
• https://github.com/SUSE-Cloud/barclamp-crowbar/commit/a82ed926c6e3ba2b0cada213c35e4b00f34ea629

• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.6 | EPSS: 0% | CPEs: 1 | EXPL: 2

The Crowbar Ohai plugin (chef/cookbooks/ohai/files/default/plugins/crowbar.rb) in the Deployer Barclamp in Crowbar, possibly 1.4 and earlier, allows local users to execute arbitrary shell commands via vectors related to "insecure handling of tmp files" and predictable file names.

• http://osvdb.org/84955
• http://secunia.com/advisories/50442
• http://www.openwall.com/lists/oss-security/2012/08/27/5
• http://www.openwall.com/lists/oss-security/2012/08/27/7
• http://www.securityfocus.com/bid/55240
• https://bugzilla.novell.com/show_bug.cgi?id=774967
• https://exchange.xforce.ibmcloud.com/vulnerabilities/78041
• https://github.com/SUSE-Cloud/barclamp-deployer/commit/5ea8d4ddaa4cb1ce834d36889f0fe7ac0d617bc8
• https://github.com/SUSE-Cloud/barclamp-deployer/commit/b6454268a067fc77ff5de82057b5b53

• CWE-264: Permissions, Privileges, and Access Controls