Vulnerability in Redhat Cloudforms

CVE-2012-3538

Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in a world-readable file, which allows local users to read pulp administrative passwords by reading production.log.

EPSS: 0.002 (40.9th percentile) — read the EPSS interpretation.

Affected products

Redhat Cloudforms
N/a — versions n/a

Weakness classification (CWE)

CWE-255

References

cloudforms-pulp-info-disc(80547) (vdb-entry, x_refsource_XF)
88139 (x_refsource_OSVDB, vdb-entry)
51472 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
RHSA-2012:1543 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
56819 (vdb-entry, x_refsource_BID)